My-T-Touch®: for Windows; Indestructible Keyboards and Indispensable Utilities; Version 1.78 Release 4; User's Guide
The My-T-Touch Logon Utilities provide the basic functionality of the standard Windows 2000 / XP logon. Because its underlying design is different, the following section outlines exactly how the implementation was designed, providing advanced users and system administrators information that may allow a different approach or setup to resolve any incompatibilities.
Four resolutions are supported: 640 x 480, 800 x 600, 1024 x 768, and 1280 x 1024. The resolution is queried via the Windows API GetSystemMetrics, and the logic compares the reported screen width against the widths above; if it is larger, the next size up is used. Once past 1280, the 1280 x 1024 dialog display is used.
The Legal Notification Dialog box is supported, and is exactly the same as the standard logon Legal Notification Message Box.
The Do not Display Last Username feature is supported.
The Auto Logon feature can be used with or without the My-T-Touch Logon Utility. Note that the User's shell is created via the My-T-Touch Logon Utility if it is Enabled - see notes below regarding the User shell.
Auto Logon: (1.70 update) The Shift Override is supported by the My-T-Touch Logon Utility, and so is the IgnoreShiftOverride option. This allows for maintenance support, etc. on dedicated systems. Note that a physical keyboard is required, because the physical state of a shift key is needed to stop the Auto Logon. For situations where bypassing the auto logon is necessary, see the DelayAutoLogon option in Configure Secure Logon.
The Allow Unauthenticated Shutdown is supported.
The USERINIT options are supported, and any additional entries are processed if properly delimited (comma expected).
The Logged on security options are supported. (1.70 update) There is now a software interface available to trigger a Secure Attention Sequence (SAS) event. A utility, CTALTDEL.EXE (with source code), essentially emulates a physical Ctrl-Alt-Del event. The call is to a function within IMGLOGON.DLL called GenerateNotify.
User Shell Activation
This is the most critical aspect of the My-T-Touch Logon Utility, and extreme care and detailed testing steps were taken to ensure compatibility with existing systems. There are 6 main areas that the Logon Utility addresses, with notes & details listed.
Logon User
Environment
Activate User Profile
USERINIT
Logon Scripts
Network Logon
Logon User
The Windows API LogonUser is used to establish a valid user under the Domain, Name & Password. If successful, the returned user security token is used to create the User's Shell.
Environment
To emulate the standard Windows logon, 3 Environment variables are added:
HOMEDRIVE
HOMEPATH
LOGONSERVER
The HOMEDRIVE entry is established as the 2 character drive returned from GetSystemDirectory. Note: a system directory as the root may cause this entry to be invalid.
The HOMEPATH is attempted as \USERS\DEFAULT, then \USERS, then \ (root) as per specification.
The LOGONSERVER is obtained from the LookupAccountName Windows API.
Activate User Profile
The User Profile is loaded via Windows API calls.
USERINIT
The USERINIT entries are established via the CreateProcessAsUser Windows API call with the established Environment. The entry is tokenized via delimiters, and each entry is processed.
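Because every comma-delimited USERINIT entry is started in the user's context at logon, the value is worth reviewing for entries other than the stock userinit.exe. The following Python is an added example, not part of the My-T-Touch software: it tokenizes a value on commas, as described above, and reports each extra entry. The system directory default, the function names, and the sample value are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any host OS

# Constructed sample value; the entries after the first are made up.
SAMPLE = r'C:\WINDOWS\system32\userinit.exe,"C:\Kiosk Apps\launch.exe" /start, helper.exe,'

def split_userinit(value):
    """Split on the comma delimiter; empty tokens (trailing comma) are dropped."""
    return [tok.strip() for tok in value.split(",") if tok.strip()]

def executable_of(token):
    """Return the program part of a token: the quoted path, else the whole token."""
    if token.startswith('"') and '"' in token[1:]:
        return token[1:token.index('"', 1)]
    return token

def audit_userinit(value, system_dir=r"C:\WINDOWS\system32"):
    """Return (token, reason) for each entry other than the stock userinit.exe."""
    sysdir = ntpath.normpath(system_dir).lower()  # assumed system directory
    stock = ntpath.join(sysdir, "userinit.exe")
    findings = []
    for token in split_userinit(value):
        exe = ntpath.normpath(executable_of(token)).lower()
        if exe == stock:
            continue
        if not ntpath.isabs(exe):
            reason = "relative path, location depends on search order"
        elif ntpath.dirname(exe) != sysdir:
            reason = "runs from outside the system directory"
        else:
            reason = "extra program in the system directory"
        findings.append((token, reason))
    return findings

if __name__ == "__main__":
    for token, reason in audit_userinit(SAMPLE):
        print(f"{token!r}: {reason}")
```

Entries that a site adds deliberately will also be reported, so compare the findings against the documented configuration for that system.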
Logon Script processing
The script entry is obtained via the Windows API, and is processed as tokens with CreateProcessAsUser. The path returned by GetSystemDirectory is appended with "\REPL\IMPORT\SCRIPTS\" to find the script. If the script entry contains a '.' character, then it is processed directly. Otherwise, a FindFirstFile is used with a ".*" to identify a file name to process.
Network Logon
The logon script provided via MprLogonScript supported by WinLogon is processed via tokens using the CreateProcessAsUser API.