How to display UI on logon screen in Windows 7

7
votes

I would like to display an UI that interacts with user on pre-logon screen (the screen where users usually enter their username/password)
I read that the architecture of Winlogon packages has changed and will not help me in Windows 7. I was referred to use WTS functions, however I am still not clear on how to use them or which ones.

I already created a Service which brings up a notepad.exe (for now), however I need to trigger this Service when user is in pre-logon screen. I am not sure what or how to implement that.

4
c#windows-7winlogon
seems relevant stackoverflow.com/questions/4524789/…, obviously anything GINA hasn't worked since Vista.Jodrell
I am thinking that the log on screen appears before the .NET framework has a chance to load, thus making this an impossible feat in C#. However, in C++, this shouldn't be hard to do using GINA. Here is a workflow of how this is done, but no actual code examples. The Windows SDK should have someIcemanind
@icemanind, GINA is no longer available from Vista onwardsSeanC
@SeanCheshire - Did not realize that. Your answer below is probably the best solution then.Icemanind
So I still am not sure how to get the UI to show up at prelogon. Any suggestions?user1683517

4 Answers

3
votes

what you are trying to do is use Windows Interactive Logon Architecture

Windows Vista examples here (Credential Providers)

Windows 7 technet article

0
votes

There's a reason it's HARD to do this kind of thing. Programs are minions of users. Pre-logon, there's (typically) no user to be a minion of. Its a security thing.

Just have your service fire off when a user logs in.

0
votes

One way to get UI to show up without anybody logged in is to have a login screensaver. Your code (which could be .NET) would run after the timeout up until either you exit or somebody presses Ctrl-Alt-Del.

There are limits to what you can do as a login screensaver, but it may work for you.

0
votes

From what I understand of your requirement, you want to display a custom user interface at the Credential Provider level. You can achieve this by one of the following approaches:

(1) Write a custom CP that includes your UI as a modal dialog in the SetSelected method of the credential : This approach will allow you to customize any UI. Once the modal window gets dismissed, the actual password CP gets built (assuming you wrap the default password CP).

(2) Launch the application from a Windows Service: This approach will not stop the providers from getting initialized. Basically, the Windows Service is used to launch a process in Winsta0\Winlogon desktop. You can access the process launched using Alt+TAB. Here's the basic steps you would need to use:

  1. WTSGetActiveConsoleSessionId to get the active session ID
  2. WTSQueryUserToken() to get the winlogon pid
  3. DuplicateTokenEx to duplicate the token
  4. Adjust the token privileges by calling AdjustTokenPrivileges
  5. CreateProcessAsUser with lpDesktop as Winsta0\Winlogon

I have used both approaches. The first one is used to introduce more secure login. The second is used to launch remote access tools, cmd prompt etc.