Get to your Windows desktop faster – secure automatic logon.

September 26, 2009 by Dave

The common advice for automatically locking the computer after logging in is to create a batch file and add it to the Startup folder. Unfortunately, the experience is neither elegant nor secure. The desktop and shell appear while applications are still loading, long before the computer locks itself, so someone could tamper with the computer while it is in this intermediate loading state.

A solution to this problem is to lock the computer earlier in the logon process. There are several good places within the logon process to put a task, but the earliest is Userinit: it is the first program executed after logon.

From MSDN: http://msdn.microsoft.com/en-us/library/aa378750(VS.85).aspx

Userinit.exe is an application that is executed when the user has logged on. It runs in the newly logged-on user’s context and on the application desktop. Its purpose is to set up the user’s environment, including restoring network uses, establishing profile settings such as fonts and screen colors, and running logon scripts. After completing those tasks, Userinit.exe executes the user shell programs. The shell programs inherit the environment that Userinit.exe sets up. The specific shell programs that Userinit.exe executes are stored in the Shell key value under the Winlogon registry key.

Add the lock command to Userinit

Create a batch file that will lock the computer:

rundll32.exe user32.dll,LockWorkStation

Name the file lock.bat and place it in the Windows system directory (C:\Windows\System32).

Open regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

The registry value Userinit should contain the path to userinit.exe:

C:\Windows\system32\userinit.exe

Change the value so that the lock batch file comes before userinit.exe, separated by a comma:

C:\Windows\System32\lock.bat, C:\Windows\system32\userinit.exe

Windows Registry at Winlogon key
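The same change can be scripted, which also makes it easy to audit afterwards. The Userinit value is a well-known logon-persistence location, so whatever you put there, it is worth having a check that reports any entry you did not add yourself. The following PowerShell is an added example, not code from the original post; it assumes the paths above, an elevated prompt, and the hypothetical function names Set-LockBeforeUserinit and Test-UserinitValue.

```powershell
# Added example (not from the original post): apply the Userinit change from the
# steps above and audit the value afterwards. Run from an elevated PowerShell prompt.
# Assumed: the lock.bat path from the post, and the function names used here.

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$LockBatch   = 'C:\Windows\System32\lock.bat'
$Userinit    = 'C:\Windows\system32\userinit.exe'

# Split a Userinit value into its individual program entries (the value is a
# comma-separated list and normally ends with a trailing comma).
function Get-UserinitEntries {
    param([string]$Value)
    $Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' }
}

# Write lock.bat and prepend it to the Userinit value. The original value is kept
# in a Userinit.bak registry value so the change can be reverted.
function Set-LockBeforeUserinit {
    Set-Content -Path $LockBatch -Value 'rundll32.exe user32.dll,LockWorkStation' -Encoding Ascii
    $current = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
    if (-not (Get-ItemProperty -Path $WinlogonKey -Name 'Userinit.bak' -ErrorAction SilentlyContinue)) {
        Set-ItemProperty -Path $WinlogonKey -Name 'Userinit.bak' -Value $current
    }
    $entries = @(Get-UserinitEntries $current)
    if ($entries -notcontains $LockBatch) {
        Set-ItemProperty -Path $WinlogonKey -Name Userinit -Value ("$LockBatch, " + ($entries -join ', '))
    }
}

# Audit: every entry in Userinit must be one we expect. Anything else is the
# classic sign of a logon-persistence change and deserves a closer look.
function Test-UserinitValue {
    param([string[]]$Allowed = @($LockBatch, $Userinit))
    $current    = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
    $unexpected = @(Get-UserinitEntries $current | Where-Object { $Allowed -notcontains $_ })
    [pscustomobject]@{
        Value      = $current
        Unexpected = $unexpected
        Clean      = ($unexpected.Count -eq 0)
    }
}

Set-LockBeforeUserinit
Test-UserinitValue | Format-List
```

Test-UserinitValue can be run on its own at any later time (or from a scheduled check) to confirm that lock.bat and userinit.exe are still the only entries; comparisons are case-insensitive, so the mixed-case System32 spellings in the post compare equal.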

Log off to see the result. Note that using a batch file does not discriminate between automatic logon and user-initiated logon. One could write a program that would only call LockWorkStation if the computer had been up for less than 10 minutes.
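The uptime test suggested above, written out as an added PowerShell example (not code from the original post). It assumes the 10-minute threshold from the text, that Get-CimInstance is available (PowerShell 3.0 or later), and the hypothetical function names Test-RecentBoot and Invoke-ConditionalLock; LockWorkStation is called directly from user32.dll instead of through rundll32.

```powershell
# Added example (not from the original post): lock only when the machine booted
# recently, so the automatic logon at startup locks the desktop while a later,
# user-initiated logon does not. Assumed: the 10-minute threshold from the text
# and the function names used here.

Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern bool LockWorkStation();
'@

# Minutes since the last boot, taken from the OS rather than from the logon time.
function Get-UptimeMinutes {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    ((Get-Date) - $os.LastBootUpTime).TotalMinutes
}

function Test-RecentBoot {
    param([double]$ThresholdMinutes = 10)
    (Get-UptimeMinutes) -lt $ThresholdMinutes
}

# Lock the workstation only for a logon that happens shortly after boot.
# Returns $true when it locked, $false when it deliberately did nothing.
function Invoke-ConditionalLock {
    param([double]$ThresholdMinutes = 10)
    if (Test-RecentBoot -ThresholdMinutes $ThresholdMinutes) {
        if (-not [Win32.NativeMethods]::LockWorkStation()) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            throw "LockWorkStation failed with Win32 error $err"
        }
        return $true
    }
    return $false
}

Invoke-ConditionalLock
```

Save it as, for instance, C:\Windows\System32\lock.ps1 and reference it from the Userinit value in place of lock.bat as powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Windows\System32\lock.ps1 (the script path and switches are this example's choice, not part of the original post).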

To enable automatic logon

If automatic logon isn't already enabled, run control userpasswords2 from the Run prompt and uncheck "Users must enter a user name and password to use this computer." Keep in mind that automatic logon requires Windows to keep the account's password stored on the machine, where anyone with administrative rights can recover it, so locking early protects the desktop, not the credential.
