Customizing User Logons

from Chapter 6, Windows NT Administrator's Pocket Consultant by William R. Stanek.

To optimize workstations and servers for different workplaces and needs, Windows NT lets you customize the logon process. Most of the customizations involve modifying registry settings. In Windows NT you modify the registry using the 32-bit registry editor (REGEDT32.EXE).

This section discusses setting values for two keys in the registry.

• The Winlogon key:

   HKEY_LOCAL_MACHINE
   \SOFTWARE
   \Microsoft
   \Windows NT
   \CurrentVersion
   \WinLogon
  

• The Desktop key:

   HKEY_USERS
   \Default
   \Control Panel
   \Desktop
  

Table 6-1 Omitting the Name of the Last User to Log On

By default, Windows NT displays the name of the last user to log on to a computer. Although this is convenient if the same users access a computer repeatedly, this capability presents a potential security problem—anyone with access to the computer can use the logon dialog box to obtain a valid user name for the computer.

To omit the name of the last user logon, you need to change the Winlogon key entry for DontDisplayLastUserName. By default, the entry is set to 0, which displays the last logon user name. Change the value to 1 to omit the user name (see Table 6-1).

Note: This value may not be present in your Registry. In this case, add the field and set its value.

Table 6-2 Shutdown without Logon

The Winlogon key entry ShutdownWithoutLogon determines whether the Shutdown button is enabled in the logon dialog box. If available, anyone with physical access to the computer can use the Shutdown button to halt the system without logging on first.

By default, this button is enabled on Windows NT workstations and disabled on Windows NT servers. You can change the setting through the registry entry. A value of 0 disables the button and a value of 1 enables the button (see Table 6-2).

Table 6-3 Powerdown After Shutdown

Some computers have BIOS that allows the computer to be powered off by software. The PowerdownAfterShutdown entry lets you take advantage of this feature. If you enable this feature, a radio button labeled Shutdown and Power Off is added to the Shutdown dialog box.

By default, the value of this entry is 0 and the button is not available on the Shutdown dialog box. To enable powerdown after shutdown, set the value to 1 (see Table 6-3).

Table 6-4 Configuring Automatic Logon

Normally, Windows NT prompts you for a user name and password before you can log on to a system. However, there are times when you may want to log on automatically after the system boots. For example, if you are working with servers in a locked server room, you may want to set automatic logons (see Table 6-4). To do this, you will need to make several changes to the Winlogon key:

1. Add the AutoAdminLogon value with a data type of REG_SZ. Afterward, set this value entry to 1, which enables the feature.

2. Double-check the values for the DefaultUserName and DefaultDomain- Name entries. DefaultUserName should be set to a valid user name with administrator privileges. DefaultDomainName should be set to the current domain name.

3. Add the DefaultPassword value with a data type of REG_SZ. Then set this value to the current password for the default user.

Note: You can disable this feature at any time by changing the value of the AutoAdminLogon entry to 0.

Table 6-5 Sync Logon with Script

The RunLogonScriptSync determines whether the user is allowed to log on before the logon script finishes executing. This is disabled by default, which allows users to log on before the script finishes executing. To enable the feature, set the RunLogonScriptSync value to 1 (see Table 6-5).

Table 6-6 Displaying a Custom Logon Message

Sometimes you may want to display a message to all users before they can log on. This message could be a system use policy, a disclaimer, or any other custom message you want users to see. You can create a custom logon message using the LegalNoticeCaption and LegalNoticeText values. LegalNoticeCaption sets the caption of the message's dialog box. LegalNoticeText sets the text of the message.

When you set these entries for the Winlogon key, your custom message is displayed after Ctrl+Alt+Del is pressed and before the logon process (see Table 6-6).

Table 6-7 Setting Default Screen Saver Options

When no one is logged into a computer, the computer uses the default settings in the registry to determine how the screen saver is used. You can modify these settings using the Desktop key (see Table 6-7).

ScreenSaveActive determines whether the default screen saver is active. Set this value to 0 to disable the screen saver or 1 to enable the screen saver. The default is 1.

ScreenSaveTimeOut determines the number of seconds before the screen saver is activated. The default value is 900. You can set this to any value that suits your organization.

You can also specify the screen saver program that Windows NT uses. By default, the system uses LOGON.SCR, which is in the %SystemRoot%\ System32 folder. If you want to specify a different screen saver program, copy its executable to the %SystemRoot%\System32 folder and then use the appropriate setting for the SCRNSAVE.EXE value. If you look in the System32 folder, you'll find there are other screen savers available. These screen savers were installed with the Windows NT operating system and they include

• SCRNSAVE.SCR Default screen saver

• SS3DFO.SCR 3-D flying objects

• SSBEZIER.SCR Beziers

• SSFLWBOX.SCR Flower box

• SSMARQUE.SCR Marquee display

• SSMAZE.SCR 3-D maze

• SSMYST.SCR Mystify

• SSPIPES.SCR 3-D pipes

• SSTARS.SCR Starfield simulation

• SSTEXT3D.SCR 3-D text

Caution: You should not modify the screen saver when performing key network tasks and services on Windows NT servers. Screen savers can be processor intensive and may seriously affect the performance of the system.

Another feature you may want to set is the image that is displayed by the screen saver. By default, Windows NT stores the standard screen saver images in the %SystemRoot% folder. For workstations, the image file names are WINNT256.BMP and WINNT.BMP. For servers, the image file names are LANMAN256.BMP and LANMANNT.BMP. These represent the 256-color and the true color images used by Windows NT. Be sure to replace the default images with images of similar size and color depth.

Table 6-8 Wallpaper Settings for the Default User

Through the registry, you can also define the wallpaper settings for the default user. You assign wallpaper settings using the Desktop key.

TileWallPaper lets you tile the wallpaper to fill the background. By default, this value is set to 0. To enable tiling, set the value to 1.

Wallpaper lets you define the file to use as wallpaper. By default, Windows NT uses the default wallpaper. You can change this to any valid BMP file that is in the %SystemRoot% folder. Be sure to use a color depth that is appropriate for the system (see Table 6-8).

from Windows NT Administrator's Pocket Consultant by William R. Stanek. Copyright © 1999 Microsoft Corporation.

Click to order