How to unlock a PC programmatically [modified]
-
Experts, I am stucking and need your help/hints. Situation: My application runs on a locked PC and should unlock the PC by request. Thats all! "Locked" means here that the user pressed "Ctrl-Alt-Del" and then the "Lock Computer" button. Means the user sees now the "Windows login screen" on his screen. Operation System: XP only - for now ;-) Details: My application runs and listens on the blocked PC for commands. One command is the "unlock the PC!". The command contains also the username, password and the domain of that user that is currently logged in. The PC should be unlocked for him! What I not want: I want no code for receiving messages - that works already fine in my application. I want not to switch the user! I want not that my application runs another application under this or that rights/user. I want not the auto login (after next reboot). I want also not to find the "Windows login screen" over his name, and sending the user and password via sendmessage... (Please think about a japanese PC and how the window title of the windows login screen looks there ;-) What I tested / found / googled: ... was always a "run as", the auto login or doesnt work (like api call "CreateProcessWithLogon" or LogonUser (advapi32)) Thank you very much in advance!
modified on Friday, July 3, 2009 4:11 AM
"My application runs on a locked PC and should unlock the PC by request." Is it an application, or is a service? If it's not a service, then it's not running at all. Btw, if one could log in to windows from some third application, which is not process at all, then i would think that there would be a bug in OS. That would enable a virus to first capture user name and password, and then login him once he goes away (?!? sounds strange) and then starts playing with just about anything on pc. Hm... what is next request, turn off his firewall? You want to control computer os without even running os? Only few services are started when you are not loged in, and all aplications are "paused", keep that on mind. First, for you application even to be running, it needs to be service (set up to start automatically, and run under local service). If you want to achive remote locking of cumputer, think of computer control without unloging user and loging him back in windows.
-
"My application runs on a locked PC and should unlock the PC by request." Is it an application, or is a service? If it's not a service, then it's not running at all. Btw, if one could log in to windows from some third application, which is not process at all, then i would think that there would be a bug in OS. That would enable a virus to first capture user name and password, and then login him once he goes away (?!? sounds strange) and then starts playing with just about anything on pc. Hm... what is next request, turn off his firewall? You want to control computer os without even running os? Only few services are started when you are not loged in, and all aplications are "paused", keep that on mind. First, for you application even to be running, it needs to be service (set up to start automatically, and run under local service). If you want to achive remote locking of cumputer, think of computer control without unloging user and loging him back in windows.
thx 4 ur fast reply. Its an application. And I still believe that the application runs, because I am not talking about the startup scenario! The user started the computer, logged in and pressed then (some times later) the Ctrl+Alt+Del keys ... as described it in my post. ;-) So please assume that the application runs and can react on commands (which are via tcp send). Also as descibed before: This works all fine, but I am not able to unlock the pc (with the known username, pw and domain...) Enver, no please be sure that this will not be finally a virus, trojan etc.!
-
thx 4 ur fast reply. Its an application. And I still believe that the application runs, because I am not talking about the startup scenario! The user started the computer, logged in and pressed then (some times later) the Ctrl+Alt+Del keys ... as described it in my post. ;-) So please assume that the application runs and can react on commands (which are via tcp send). Also as descibed before: This works all fine, but I am not able to unlock the pc (with the known username, pw and domain...) Enver, no please be sure that this will not be finally a virus, trojan etc.!
Take a look at this http://www.paralint.com/projects/aucun/[^] But this is far more complicated as one might think. More details about MS GINA http://msdn.microsoft.com/en-us/library/aa380543(VS.85).aspx[^] Or, you could use something that MS already provides, but i'm not sure how much control it does have since i never used it, it's called PSTools http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx[^] RemoteUnlock.exe is what you are searching for.
-
Take a look at this http://www.paralint.com/projects/aucun/[^] But this is far more complicated as one might think. More details about MS GINA http://msdn.microsoft.com/en-us/library/aa380543(VS.85).aspx[^] Or, you could use something that MS already provides, but i'm not sure how much control it does have since i never used it, it's called PSTools http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx[^] RemoteUnlock.exe is what you are searching for.
-
Take a look at this http://www.paralint.com/projects/aucun/[^] But this is far more complicated as one might think. More details about MS GINA http://msdn.microsoft.com/en-us/library/aa380543(VS.85).aspx[^] Or, you could use something that MS already provides, but i'm not sure how much control it does have since i never used it, it's called PSTools http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx[^] RemoteUnlock.exe is what you are searching for.
I hope you do understand that "aucun" requires some actions to force windows to use aucun instead of "msgina". But if this is for your internal application which you will install on client pc, i think that should not be a problem.
-
thank you very much! Ah, ... "Gina" - I am still fighting with "WlxInitialize" ;-) May be the other links are bringing the solution :-) Thanks!! I will report here asap when i found a solution!
aucun is implementing WlxInitialize, this is the way it works, so i guess first step would be to take a look how aucun is doing it, but its source is in c++ :(
-
Experts, I am stucking and need your help/hints. Situation: My application runs on a locked PC and should unlock the PC by request. Thats all! "Locked" means here that the user pressed "Ctrl-Alt-Del" and then the "Lock Computer" button. Means the user sees now the "Windows login screen" on his screen. Operation System: XP only - for now ;-) Details: My application runs and listens on the blocked PC for commands. One command is the "unlock the PC!". The command contains also the username, password and the domain of that user that is currently logged in. The PC should be unlocked for him! What I not want: I want no code for receiving messages - that works already fine in my application. I want not to switch the user! I want not that my application runs another application under this or that rights/user. I want not the auto login (after next reboot). I want also not to find the "Windows login screen" over his name, and sending the user and password via sendmessage... (Please think about a japanese PC and how the window title of the windows login screen looks there ;-) What I tested / found / googled: ... was always a "run as", the auto login or doesnt work (like api call "CreateProcessWithLogon" or LogonUser (advapi32)) Thank you very much in advance!
modified on Friday, July 3, 2009 4:11 AM
Without writing and replacing GINA with your own version or without using a 3rd party solution, it's not possible to do what you want and get the "fully unlocked" result, just like the user did it him/herself on the workstation.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007, 2008 -
Experts, I am stucking and need your help/hints. Situation: My application runs on a locked PC and should unlock the PC by request. Thats all! "Locked" means here that the user pressed "Ctrl-Alt-Del" and then the "Lock Computer" button. Means the user sees now the "Windows login screen" on his screen. Operation System: XP only - for now ;-) Details: My application runs and listens on the blocked PC for commands. One command is the "unlock the PC!". The command contains also the username, password and the domain of that user that is currently logged in. The PC should be unlocked for him! What I not want: I want no code for receiving messages - that works already fine in my application. I want not to switch the user! I want not that my application runs another application under this or that rights/user. I want not the auto login (after next reboot). I want also not to find the "Windows login screen" over his name, and sending the user and password via sendmessage... (Please think about a japanese PC and how the window title of the windows login screen looks there ;-) What I tested / found / googled: ... was always a "run as", the auto login or doesnt work (like api call "CreateProcessWithLogon" or LogonUser (advapi32)) Thank you very much in advance!
modified on Friday, July 3, 2009 4:11 AM
The default MS "system locked" screen runs in a secure desktop (just like UAC prompts), so that apps cannot touch it. You could implement your own GINA, but definitely not in VB.
-
The default MS "system locked" screen runs in a secure desktop (just like UAC prompts), so that apps cannot touch it. You could implement your own GINA, but definitely not in VB.
Thank you very much to all of you for the fast replies and the help and hints!!! I think you are right - I would have to write my own GINA! and yes not in VB ;-) I will stop to investigate here because also when we would found a solution for XP would GINA not work for vista! Means I will give up at this point and think about a service. More details about my project: The program on the locked PC contains a 3rd party VNC Server component. (Now should it be clear what I am trying to do, or?) The application with the VNC Server component listens for VNC connections. This works fine as long as the pc isnt locked! But what when the pc is just turned on WITHOUT once a user logged in? In this situation would my application not run and would not be able to unlock the PC - independently what ever solution we would found! Means I need a sercive! This service starts (on request) a simple application which contains "only" the VNC server component. But here we have also some problems: There isnt a desktop where the application could run "in". My solution -hopefully: The service starts the application under different user rights (with different credentials; keyword: "CreateProcessWithLogonW"). When this works, runs the application hopefully in a "virtuell" desktop and listens for VNC connections. The "other side" can then connect to the VNC server, would then see(!) the locked PC and would be able to unlock it. But this is all theory - I have to test. What I already tried is to start such an application under that user/rigths under thats a service runs, means under the SYSTEM account. I see then in the taskmanager that the application runs - but I am not able to connect to the VNC server.... I let you all know the details - when I have some ... but now: "Thank god its friday! Watching TV and drinking beer!" ;-) (J.J.Cale)
-
Thank you very much to all of you for the fast replies and the help and hints!!! I think you are right - I would have to write my own GINA! and yes not in VB ;-) I will stop to investigate here because also when we would found a solution for XP would GINA not work for vista! Means I will give up at this point and think about a service. More details about my project: The program on the locked PC contains a 3rd party VNC Server component. (Now should it be clear what I am trying to do, or?) The application with the VNC Server component listens for VNC connections. This works fine as long as the pc isnt locked! But what when the pc is just turned on WITHOUT once a user logged in? In this situation would my application not run and would not be able to unlock the PC - independently what ever solution we would found! Means I need a sercive! This service starts (on request) a simple application which contains "only" the VNC server component. But here we have also some problems: There isnt a desktop where the application could run "in". My solution -hopefully: The service starts the application under different user rights (with different credentials; keyword: "CreateProcessWithLogonW"). When this works, runs the application hopefully in a "virtuell" desktop and listens for VNC connections. The "other side" can then connect to the VNC server, would then see(!) the locked PC and would be able to unlock it. But this is all theory - I have to test. What I already tried is to start such an application under that user/rigths under thats a service runs, means under the SYSTEM account. I see then in the taskmanager that the application runs - but I am not able to connect to the VNC server.... I let you all know the details - when I have some ... but now: "Thank god its friday! Watching TV and drinking beer!" ;-) (J.J.Cale)
Hi, I have also done the same thing for XP. But have no clue, on how to do it on Vista and Windows 7. Can you give me any pointers ? Can I change locked screen of standard windows ? Thanks, Swapnil