Logon security Win 98 1

Status
Not open for further replies.

gcorbin

IS-IT--Management
Sep 29, 2000
NZ
I NEED to restrict access to the whole machine. At the moment Win lets you log on a user but if you hit cancel you still have access to the whole machine. How do I "enforce" a log on??

Thanks in advance, Glenn Corbin
 
If you do not log on to an NT or Novell server you can do this with poledit. It takes a bit of getting used to, but it is possible to set up different access for different users, and if someone hits Esc or Cancel they just get a blank screen.

Hope this helps
Tim Dodgson
 
Another way to do this is with a power supply lock. You can get one at the hardware store probably. Maybe not allowing power to the cpu without a key is not what you are looking for though...
 
There is a registry setting so that you cannot cancel out of the login dialogue box. Unfortunately I don't know where it is; I'm actually looking for it.
However, you can purchase a product like WinBoost Gold which allows you to disable the Cancel option.
 
Found it

Taken from: \topurl{
Open your registry and drill down to:
HKEY_LOCAL_MACHINE\Network\Logon
Add a string called MustBeValidated, and give it a value of 1

I should add that this is still not secure. For a little extra insurance you can simply go into your network properties and add Microsoft Family Login and make it your default logon type. This will disallow anybody creating a new account from the logon box (which you can do with the default network logon).

Regards
 
gcorbin,

You can try this, as you see it can be bypassed. Further down is a trick that will work, however I don't recommend it unless you are a very experienced user.

Require Network Validation Before Allowing Windows Access
===================================================
Setting this option will require that users logging on to a Windows 95 or 98 machine must first authenticate through the network before being granted access to the local desktop. (Note: This will not affect docking stations when they are undocked.) To set this option, go to:

HKLM\Network\Logon

and create the value "MustBeValidated" (REG_DWORD) and set the value to 1 to require validation, or set the value to 0 to allow users direct access to the desktop without authenticating through the network.

NOTE: This setting can be circumvented. If this setting and the "Don't show last user at logon" setting are enabled, a user can bypass the validation restriction by entering a bogus domain name in the Domain Logon box. When a non-existent domain is entered, instead of receiving an error message, the user is prompted for a local logon, which can be bypassed by pressing ESC.

See Microsoft KB article Q178979 for more information. Microsoft has released a fix that can be obtained by contacting MS support directly, but it has not been fully regression tested.


You can also add;
HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon
add string value;
LegalNoticeCaption
and
LegalNoticeText
Whatever you type between the "quotes" will show before the user gets a chance to login.
One is for what is printed on the Windows Box and the other is what is printed within the box.

==============================================
Do not attempt any of the following unless you are a very experienced user.

Let's not mince words: The Windows log-in dialog box sure is ridiculous. It sits there, asking for a user name and password. If supplied with a user name it hasn't seen before, Windows lets the stranger in. If someone wants to provide no information at all, they can simply press Escape. Granted, Windows 9x was not designed to be a secure operating system, but wouldn't it be nice if there were a simple way to ensure that only certain user name and password combinations could get past that log-in box?


Hack the Registry just a bit, and you can control who logs on to your PC. Before performing this hack, however, take the following important setup steps, or you may lock yourself out of your own PC.

You must begin by enabling user profiling on your system. Select Start, Settings, Control Panel, double-click Passwords, and click the User Profiles tab. Select the option "Users can customize their preferences and desktop settings." Also place checkmarks in front of both checkable options. Select OK.

Now create an account for yourself. From the Control Panel, double-click Users and use the wizard to add a profile for yourself. If there is no Users icon in your Control Panel, you're running the original version of Windows 95, and need to take the following step instead: Choose Start, Shut Down, select "Close all programs and log on as a different user," and click OK. When the log-in dialog box appears, enter a new user name and password. Type the password again when Windows asks for confirmation.

Now you're ready to hack the Registry. Start by navigating to the following key:

HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run

With the Run folder selected, select Edit, New, String Value. Type GoAway and press Enter to give the value a name. Now double-click GoAway and enter rundll.exe user.exe,exitwindowsexec. rundll.exe user.exe,EXITWINDOWS. Click OK. That's it--you can close RegEdit now.

The next time the Windows log-in box appears, you can log in with the user name and password you assigned yourself. If anyone presses Escape or enters a new user name and password, however, Windows will think it over for a bit, and then immediately log them out, returning them to the log-in dialog box.

This method is not foolproof--a savvy Windows user can probably find a way around such a minimal security strategy. But it is certainly enough to keep casual snoops out.

=============================================

Another similar way:

There is a way to set things up that offers protection against a user hitting Cancel or just typing in a new username at the Windows logon prompt. If all you want to do is protect against unauthorized Windows access, you can do this...

1) Run Regedit.
2) Go to, and open, the HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run key.
3) In the right-side pane, right-click, and create a new string value called NoDefLog (it could be another name if you wish).
4) Double-click on this new key and enter the string (exactly) rundll.exe user.exe,EXITWINDOWS
5) Close Regedit.

What this does is set up a situation for the Default User, which is what you are if you
hit Cancel at logon, where they are immediately exited from Windows. When a new user
is created, by typing in a new username in the logon prompt box at logon, they inherit
this key, which will cause them to be exited from windows also.

The only note on this is that if you are actually maintaining a multi-user system
(profiles), then you want to remove the above registry key/entry temporarily before
creating the new user.

For added safety I created this VB script, which you can put on the desktop to try it out.
============BEGIN CUT=====================
' Removes the NoDefLog autorun value from the current user's Run key.
Option Explicit

Const L_Welcome_MsgBox_Title_Text = "Remove NoDefLog"
Const L_Welcome_MsgBox_Message_Text = "Delete value HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NoDefLog?"

Dim WSHShell
Set WSHShell = WScript.CreateObject("WScript.Shell")

' Ask for confirmation first; Welcome ends the script if the user cancels.
Call Welcome()

' RegDelete raises an error if the value does not exist.
WSHShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NoDefLog"

Sub Welcome()
    Dim intDoIt

    intDoIt = MsgBox(L_Welcome_MsgBox_Message_Text, _
                     vbOKCancel + vbInformation, _
                     L_Welcome_MsgBox_Title_Text)
    If intDoIt = vbCancel Then
        WScript.Quit
    End If
End Sub
================END CUT======================

Visit for more info

reghakr
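
An added example, not part of reghakr's post or the thread: a Python check that reads a regedit export of the machine and reports which of the logon controls described above are missing. The sample export is constructed, the function names are hypothetical, and multi-line hex values are not handled.

```python
import re

# Constructed sample export (REGEDIT4 is the Windows 9x regedit text format).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000001

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
'''

LOGON = r"HKEY_LOCAL_MACHINE\Network\Logon".lower()
RUN = r"HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run".lower()
LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

def unescape(s):
    """Undo regedit's backslash escaping inside quoted names and strings."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_export(text):
    """Return {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := LINE.match(line)):
            name, data = unescape(m.group(1)).lower(), m.group(2).strip()
            if data.startswith("dword:"):
                value = int(data[6:], 16)
            elif data.startswith("hex:"):  # binary data, read as little-endian
                value = int.from_bytes(bytes.fromhex(data[4:].replace(",", "")), "little")
            else:
                value = unescape(data[1:-1]) if data.startswith('"') else data
            current[name] = value
    return keys

def audit(text):
    """List the logon controls from the thread that the export does not show."""
    reg, findings = parse_export(text), []
    validated = reg.get(LOGON, {}).get("mustbevalidated")
    if str(validated) != "1":  # the thread shows both a string "1" and a DWORD 1
        findings.append("MustBeValidated not set to 1: Cancel/Esc reaches the desktop")
    run_data = [str(v).lower() for v in reg.get(RUN, {}).values()]
    if not any("user.exe,exitwindows" in d for d in run_data):
        findings.append("no EXITWINDOWS Run value for .Default: unknown users stay logged in")
    return findings
```

Run `audit()` on the text of a file exported from Regedit; an empty list means both settings are present, which, as the posts above say, still does not make the machine secure.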
 
For some reason I cannot get the Microsoft Family Login box to work. I used to have it running smoothly but since I formatted my hard drive and reinstalled Windows ME the thing just won't come up. I can only get the logon box where anyone can enter any user name or hit esc to prevent logging in altogether.

Any suggestions? I'm actually an advanced user and I have tried registry tweaking and everything with no luck. :(

tangy
 

The easy way, by using poledit:
Run poledit and from the File menu choose
Open Registry
Local computer properties
Windows 98 Network
Access control
User-level access control

Logon
- Logon banner
- (check this box) Require validation from network for access
- Don't show last user at logon
- Don't show logon progress
After doing so, close it and relog or restart the computer.



Hope that helps

omarjed
 