You need Resource Kit 2003 and this command:
ntrights -u "username" +r SeDenyInteractiveLogonRight
User rights explanation:
SeNetworkLogonRight Access this computer from the network
SeInteractiveLogonRight Log on locally
SeBatchLogonRight Log on as a batch job
SeServiceLogonRight Log on as a service
SeDenyNetworkLogonRight Deny access this computer from the network
SeDenyInteractiveLogonRight Deny log on locally
SeDenyBatchLogonRight Deny log on as a batch job
SeDenyServiceLogonRight Deny log on as a service
SeCreateGlobalPrivilege Create global objects
SeDebugPrivilege Debug programs
SeDenyRemoteInteractiveLogonRight Deny log on through Terminal Services
SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation
SeImpersonatePrivilege Impersonate a client after authentication
SeManageVolumePrivilege Perform volume maintenance tasks
SeRemoteInteractiveLogonRight Allow log on through Terminal Services
SeSyncAgentPrivilege Synchronize directory service data
SeUndockPrivilege Remove computer from docking station
Add new user in Windows 8:
Install Resourse Kit 2003:
Set installation path:
Run in CMD with administrative priveleges: Disable interactive user logon. OS version info.
How to rus CMD with administrative priveleges:
Logoff:
shutdown /l
Don't log in to user without interactive logon priveleges - don't view the new user.
Enable, disable interactive logon priveleges. Add user to list:
Select user without interactive logon priveleges:
Not login, return at logon screen.
All works. Good luck!
Note: Go to this registry key:
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
AndreyT 0 DWORD - may be hidden, needs test and restart.
With Windows 7 (not sure about subsequent versions) you can create a scheduled task that is triggered by a specific event and that displays a message.
I have not tested this however so I am not sure how well it works and/or if it works for every type of login.
But you could do as follows, using that Event ID 4624 as an example:
Navigate to Task Scheduler (e.g. by right-clicking on "Computer" in Start Menu and selecting Manage...) and click on Create Basic Task...:
Give the Task at least a name:
Click Next and select "When a specific event is logged":
Click Next and select these values:
- Log: Security
- Source: Microsoft Windows security auditing.
- Event ID: 4624
Click Next and select "Display a message":
Click Next and enter the message parameters:
Click Next and Finish:
Best Answer
You are right in that the best way to customize the logon process is to create your own version of GINA.
Another alternative for
Windows XP
is to hack theC:\Windows\System32\logonui.exe
file. Make a backup of thelogonui.exe
file, then useResource Hacker
or other resource editors to edit the messages / bitmaps within the file. There is a simple explanation here.Kiosk Mode
You may want to investigate Windows XP Kiosk Mode. You can enable it by editing the
Registry
, go toHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and editShell
, and replace the Value data with something likeiexplore -k http://www.yourcompany.com
Microsoft used to ship Windows Steady State, but unfortunately it is discontinued since July 2008. Here are some alternatives.