Customizing Winlogon

Customizing Winlogon
The path name for the Winlogon key is HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon. When you highlight the Winlogon key, you should see a Registry snapshot (see Screen A).

If you are developing, testing, or running an NT system at home, you might want the system to perform an automatic logon each time it boots. This saves time if you crash the system regularly or bring it down and back up as part of a test or debug process. Be aware, however, that this is an easy way to bypass security. Do not implement this process on a production server without carefully considering the implications.

To implement, highlight AutoAdminLogon:REG_SZ:0, and change its value to 1. Be sure that the DefaultDomainName and DefaultUserName values are correct. They should reflect your current operating environment. Normally, the username displayed in the logon dialog is the default for this field. Specify the username for the automatic logon in DefaultUserName (e.g., Casper). Then add DefaultPassword:REG_SZ: to specify the default password (e.g., theghost).

The Winlogon key should look something like this:

AutoAdminLogon:REG_SZ:1

DefaultDomanName:REG_SZ:Backdoor

DefaultUserName:REG_SZ:Casper

DefaultPassword:REG_SZ:theghost

(the values are system-specific). Exit the Registry Editor, and log off. The system should automatically log on using the username and password you specified. To disable this feature, set AutoAdminLogon to 0, and delete the DefaultPassword value.

Another useful modification to the Winlogon key is to add a logon announcement indicating that unauthorized access to your workstation or server is prohibited. To successfully prosecute system break-ins, the courts require that you announce that your system may only be accessed by users with valid accounts. In addition, you cannot say "Welcome" to the system, because the welcome is interpreted by the courts as giving blanket permission to anyone to access your system.

Scan down the Winlogon value list, and locate LegalNoticeCaption and LegalNoticeText. When strings are assigned to these two values, an announcement appears prior to the logon screen; it is displayed until the user specifically clicks on OK. You specify two strings for the announcement box: LegalNoticeCaption for the title bar, and LegalNoticeText for the dialog. For example,

LegalNoticeCaption:REG_SZ:This is the corporate FTP Server

LegalNoticeText:REG_SZ:Unauthorized Access Prohibited

Exit the Registry Editor, and log off. When you log back on, you must acknowledge the announcement before you enter your username and password. Voilà!

You can also add a Shutdown button to the logon screen so anyone can shut down the system before logging on. To make this dangerous modification, change the value in ShutdownWithoutLogon to 1. The next time you go to log on, a Shutdown button will appear on the logon screen.