Unlock Windows programmatically

Question

In my current C# code I'm able to lock a Windows user session programmatically (same as Windows + L).

Since the app would still be running, is there any way to unlock the session from that C# program. User credentials are known. The app is running on Windows 7.

If you have the credentials (username and password) you have another problem. — Emond, Aug 07 '11 at 19:32
Duplicate of http://stackoverflow.com/questions/5764174/unlock-local-computer-using-net — Ivan Danilov, Aug 07 '11 at 19:34
My recommendation is not to lock the workstation. I mean, if you want it unlocked then just refrain from locking it. — David Heffernan, Aug 07 '11 at 19:36
Out of curiosity, can you explain why you want the session to be unlocked automatically? What's the use case? — ceztko, Aug 07 '11 at 19:38

score 7 · Answer 1 · answered Feb 03 '16 at 10:05

You'll need a custom windows credential provider to log in for you. Also, you'll need to save the user's credentials somewhere to log in. There are some samples in Windows SDK 7 https://www.microsoft.com/en-us/download/details.aspx?id=8279

There's a bunch of projects to get you started under Samples\security\credentialproviders.

To unlock the screen:

set the username / password in CSampleCredential::Initialize
set autologin to true in CSampleCredential::SetSelected
search the hardware provider sample for WM_TOGGLE_CONNECTED_STATUS message to see how to trigger the login
build some way to communicate with your app to trigger the unlock (local tcp server for example)

It's a pain in the ass, but it works.

I'd like to get this solution working on Windows 10 but my Windows skills are rusty. Please contact me through the site on my profile page if you'd be interested in doing some consulting work here. — davidgyoung, Jun 18 '18 at 14:37

Ivan Danilov · Answer 2 · 2015-07-16T20:18:40.247

5

Here is some hackery to do that: http://www.codeproject.com/Articles/16197/Remotely-Unlock-a-Windows-Workstation Didn't test it myself though.

Not for .NET part, but you could also make your own custom Logon UI and inject some mechanism there. It can easily become security problem though.

edited Jul 16 '15 at 20:18

answered Aug 07 '11 at 19:31

Ivan Danilov

14,287
6
48
66

score -2 · Answer 3 · edited May 01 '14 at 22:34

    var path = new ManagementPath();
    path.NamespacePath = "\\ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption"; path.ClassName = "Win32_EncryptableVolume";

    var scope = new ManagementScope(path, new ConnectionOptions() { Impersonation = ImpersonationLevel.Impersonate });

    var management = new ManagementClass(scope, path, new ObjectGetOptions());

    foreach (ManagementObject vol in management.GetInstances())
    {

        Console.WriteLine("----" + vol["DriveLetter"]);
        switch ((uint)vol["ProtectionStatus"])
        {
            case 0:
                Console.WriteLine("not protected by bitlocker");
                break;
            case 1:
                Console.WriteLine("unlocked");
                break;
            case 2:
                Console.WriteLine("locked");
                break;
        }

        if ((uint)vol["ProtectionStatus"] == 2)
        {
            Console.WriteLine("unlock this driver ...");

            vol.InvokeMethod("UnlockWithPassphrase", new object[] { "here your pwd" });

            Console.WriteLine("unlock done.");
        }
    }

Note: this only works if you run Visual Studio as an administrator.

getting invalid namespace at runtime on the foreach line even though I am using System.Management. — DontFretBrett, Jul 21 '14 at 22:48
The question is about to unlock windows not about unlocking bitlocker locked drives — Laxmikant Dange, Oct 06 '14 at 12:13

score -13 · Answer 4 · answered Aug 07 '11 at 19:33

-13

No, there is no way to do this, by design. What's your scenario and why do you need to lock/unlock the workstation?

answered Aug 07 '11 at 19:33

Ana Betts

73,868
16
141
209

3

It can be done on Vista and windows 7 defiantly. Look at logmein and face recognition logins; I don't know how to do it though – Will03uk Aug 07 '11 at 19:38
1

@Will03uk: Those are done by writing a custom GINA DLL (which controls the login authentication process). – Greg Hewgill Aug 07 '11 at 19:54
1

I've just looked it up and since Vista the GINA DLL has been replaced with Credential Providers which allows more flexibility and more then one provider a time – Will03uk Aug 07 '11 at 23:21
That's not true. You can use a custom Credential provider. – Bemipefe May 19 '16 at 15:45

score -14 · Answer 5 · edited Aug 07 '11 at 19:32

-14

Of course you can't unlock it. Unlocking a session requires the user physically be there to enter their account credentials. Allowing software to do this, even with saved credentials, would be a security issue for many of the other situations where workstation locking is used.

edited Aug 07 '11 at 19:32

dtb

213,145
36
401
431

answered Aug 07 '11 at 19:30

Joel Coehoorn

399,467
113
570
794

Which is also why you need to use ctrl+alt+del – Oskar Kjellin Aug 07 '11 at 19:32
9

-1 granted, it is a security issue but as proven by logmein, possible – Will03uk Aug 07 '11 at 23:34
That's not true. You can use a custom Credential provider. – Bemipefe May 19 '16 at 15:45

Unlock Windows programmatically

5 Answers5

Linked

Related