Unlock Windows programmatically

Asked 7/8, 2011 at 19:25 Answered 3/2, 2016 at 10:5

In my current C# code I'm able to lock a Windows user session programmatically (same as Windows + L).

Since the app would still be running, is there any way to unlock the session from that C# program. User credentials are known. The app is running on Windows 7.

Billiot answered 7/8, 2011 at 19:25 Comment(4)

If you have the credentials (username and password) you have another problem. – Hornstein 7/8, 2011 at 19:32

Duplicate of #5764674 – Gabie 7/8, 2011 at 19:34

My recommendation is not to lock the workstation. I mean, if you want it unlocked then just refrain from locking it. – Ninebark 7/8, 2011 at 19:36

Out of curiosity, can you explain why you want the session to be unlocked automatically? What's the use case? – Samul 7/8, 2011 at 19:38

You'll need a custom windows credential provider to log in for you. Also, you'll need to save the user's credentials somewhere to log in. There are some samples in Windows SDK 7 https://www.microsoft.com/en-us/download/details.aspx?id=8279

There's a bunch of projects to get you started under Samples\security\credentialproviders.

To unlock the screen:

set the username / password in CSampleCredential::Initialize
set autologin to true in CSampleCredential::SetSelected
search the hardware provider sample for WM_TOGGLE_CONNECTED_STATUS message to see how to trigger the login
build some way to communicate with your app to trigger the unlock (local tcp server for example)

It's a pain in the ass, but it works.

Intractable answered 3/2, 2016 at 10:5 Comment(1)

I'd like to get this solution working on Windows 10 but my Windows skills are rusty. Please contact me through the site on my profile page if you'd be interested in doing some consulting work here. – Pentastyle 18/6, 2018 at 14:37

Here is some hackery to do that: http://www.codeproject.com/Articles/16197/Remotely-Unlock-a-Windows-Workstation Didn't test it myself though.

Not for .NET part, but you could also make your own custom Logon UI and inject some mechanism there. It can easily become security problem though.

Gabie answered 7/8, 2011 at 19:31 Comment(0)

-2

    var path = new ManagementPath();
    path.NamespacePath = "\\ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption"; path.ClassName = "Win32_EncryptableVolume";

    var scope = new ManagementScope(path, new ConnectionOptions() { Impersonation = ImpersonationLevel.Impersonate });

    var management = new ManagementClass(scope, path, new ObjectGetOptions());

    foreach (ManagementObject vol in management.GetInstances())
    {

        Console.WriteLine("----" + vol["DriveLetter"]);
        switch ((uint)vol["ProtectionStatus"])
        {
            case 0:
                Console.WriteLine("not protected by bitlocker");
                break;
            case 1:
                Console.WriteLine("unlocked");
                break;
            case 2:
                Console.WriteLine("locked");
                break;
        }

        if ((uint)vol["ProtectionStatus"] == 2)
        {
            Console.WriteLine("unlock this driver ...");

            vol.InvokeMethod("UnlockWithPassphrase", new object[] { "here your pwd" });

            Console.WriteLine("unlock done.");
        }
    }

Note: this only works if you run Visual Studio as an administrator.

Neale answered 1/5, 2014 at 22:12 Comment(2)

getting invalid namespace at runtime on the foreach line even though I am using System.Management. – Gallardo 21/7, 2014 at 22:48

The question is about to unlock windows not about unlocking bitlocker locked drives – Cytolysis 6/10, 2014 at 12:13

-13

No, there is no way to do this, by design. What's your scenario and why do you need to lock/unlock the workstation?

Wappes answered 7/8, 2011 at 19:33 Comment(4)

It can be done on Vista and windows 7 defiantly. Look at logmein and face recognition logins; I don't know how to do it though – Osithe 7/8, 2011 at 19:38

@Will03uk: Those are done by writing a custom GINA DLL (which controls the login authentication process). – Gauguin 7/8, 2011 at 19:54

I've just looked it up and since Vista the GINA DLL has been replaced with Credential Providers which allows more flexibility and more then one provider a time – Osithe 7/8, 2011 at 23:21

That's not true. You can use a custom Credential provider. – Torrey 19/5, 2016 at 15:45

-14

Of course you can't unlock it. Unlocking a session requires the user physically be there to enter their account credentials. Allowing software to do this, even with saved credentials, would be a security issue for many of the other situations where workstation locking is used.

Canaday answered 7/8, 2011 at 19:30 Comment(3)

Which is also why you need to use ctrl+alt+del – Hiddenite 7/8, 2011 at 19:32

-1 granted, it is a security issue but as proven by logmein, possible – Osithe 7/8, 2011 at 23:34

That's not true. You can use a custom Credential provider. – Torrey 19/5, 2016 at 15:45

Recommended topics

Hot tags