How to display UI on logon screen in Windows 7

Asked 19/9, 2012 at 15:34 Answered 26/11, 2012 at 13:52

I would like to display an UI that interacts with user on pre-logon screen (the screen where users usually enter their username/password)
I read that the architecture of Winlogon packages has changed and will not help me in Windows 7. I was referred to use WTS functions, however I am still not clear on how to use them or which ones.

I already created a Service which brings up a notepad.exe (for now), however I need to trigger this Service when user is in pre-logon screen. I am not sure what or how to implement that.

Milt answered 19/9, 2012 at 15:34 Comment(5)

seems relevant #4525289, obviously anything GINA hasn't worked since Vista. – Parchment 19/9, 2012 at 15:46

I am thinking that the log on screen appears before the .NET framework has a chance to load, thus making this an impossible feat in C#. However, in C++, this shouldn't be hard to do using GINA. Here is a workflow of how this is done, but no actual code examples. The Windows SDK should have some – Dyl 19/9, 2012 at 17:33

@icemanind, GINA is no longer available from Vista onwards – Stomy 19/9, 2012 at 18:8

@SeanCheshire - Did not realize that. Your answer below is probably the best solution then. – Dyl 19/9, 2012 at 18:19

So I still am not sure how to get the UI to show up at prelogon. Any suggestions? – Milt 20/9, 2012 at 1:13

what you are trying to do is use Windows Interactive Logon Architecture

Windows Vista examples here (Credential Providers)

Windows 7 technet article

Stomy answered 19/9, 2012 at 18:8 Comment(4)

Thank you for your response. I looked at credential providers, but not sure if they will allow user interaction with UI I have in mind. My UI needs to rotate the screen. Can I put that functionality inside credential providers? – Milt 19/9, 2012 at 18:55

seems the Login UI is responsible for rendering the screen, the credential provider is responsible for processing what is valid login information – Stomy 19/9, 2012 at 19:4

It seems credential providers do not allow users to interact with system related. My UI needs to rotate the screen. What other options do I have other than credential providers in order to get a UI to popup at prelogon screen? – Milt 20/9, 2012 at 5:51

msdn.microsoft.com/en-us/magazine/cc163489.aspx has a full description, along with some sample code – Stomy 20/9, 2012 at 13:18

There's a reason it's HARD to do this kind of thing. Programs are minions of users. Pre-logon, there's (typically) no user to be a minion of. Its a security thing.

Just have your service fire off when a user logs in.

Therapsid answered 19/9, 2012 at 16:54 Comment(0)

One way to get UI to show up without anybody logged in is to have a login screensaver. Your code (which could be .NET) would run after the timeout up until either you exit or somebody presses Ctrl-Alt-Del.

There are limits to what you can do as a login screensaver, but it may work for you.

Excavation answered 22/9, 2012 at 23:57 Comment(0)

From what I understand of your requirement, you want to display a custom user interface at the Credential Provider level. You can achieve this by one of the following approaches:

(1) Write a custom CP that includes your UI as a modal dialog in the SetSelected method of the credential : This approach will allow you to customize any UI. Once the modal window gets dismissed, the actual password CP gets built (assuming you wrap the default password CP).

(2) Launch the application from a Windows Service: This approach will not stop the providers from getting initialized. Basically, the Windows Service is used to launch a process in Winsta0\Winlogon desktop. You can access the process launched using Alt+TAB. Here's the basic steps you would need to use:

WTSGetActiveConsoleSessionId to get the active session ID
WTSQueryUserToken() to get the winlogon pid
DuplicateTokenEx to duplicate the token
Adjust the token privileges by calling AdjustTokenPrivileges
CreateProcessAsUser with lpDesktop as Winsta0\Winlogon

I have used both approaches. The first one is used to introduce more secure login. The second is used to launch remote access tools, cmd prompt etc.

Camilia answered 26/11, 2012 at 13:52 Comment(1)

Your second option doesn't really work in a situation where there's no interactive users logged in to the workstation, i.e. WTSQueryUserToken will fail with error code ERROR_NO_TOKEN. So how did you address it? – Imperishable 6/7, 2015 at 7:40

Recommended topics

Hot tags