Re: Custom Shell and Account Switching

From: KM (konstmor_at_nospam_yahoo.com)
Date: 12/23/04 

Date: Thu, 23 Dec 2004 02:30:15 -0800

Yaron,

> thanks for your suggestions. it seems that the FUS feature is not relevant in my case because it is not supported in a Domain
> environment.
> the reason why I can't run the Explorere shell using RunAs from the User logon is that I use local policies to disable the user
> environment. therefore, the policies will effect the Explorer that I will execute.

I am not clear what you meant here. How policies of your user account can affect Explorer that is launched under Admin account?

> I must do a full log-off and later logon again.
> the autologon feature will not help in this case because it is read by the system only on boot time and not after the system
> already booted, done auto-logon to the user and then logged-off.

This is not true. The autologon settings are read on every "logon" even which also happens when you do a log off.
Please test it on target device to see how it works. (just make sure you don't forget to set ForceAutoLogon value).

> after re-thinking the situation, the limitation I have in the development is actually not a problem. I will create another
> security-layer to the user and Admin, where:
> 1. user works in a limited custom shell and can only operate application and turn-off the machine.
> 2. a technical support technician can enter a "settings" menu where it can

And how technician can enter (see) the Setting menu?

KM

> change a few settings of the user's custom-shell and can log-off the user to recieve the Ctrl-Alt-Delete logon screen. the
> Settings menu will only have a "save changes" button to commit the changes using the EWF.
> 3. a network Administrator with the Administrator account password can enter the local Admin account using its credentials and
> recieve a full-featured Explorer Shell and the ability to enable/disable the EWF.
>
> thanks for your help.
> I hope my toughts will help someone else too.
>
> Cheers,
>
> YaronM
>
>
> "KM" <konstmor@nospam_yahoo.com> wrote in message news:OwMx9gM6EHA.4040@TK2MSFTNGP14.phx.gbl...
>> Yaron,
>>
>> Do you want to log in to the Administartor account automatically?
>> If so, you can play with Autologon settings to switch the user/password to Administrator account.
>> Also make sure that [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon],"ForceAutoLogon"="1"
>>
>> As soon as you logged on to Administator account, you can switch AutoAdmin setttings back to the User account.
>>
>> KM
>>
>>> Hi,
>>>
>>> I'm working on a custom shell for my XPe system (written in VB6).
>>> the system should automatically login to a limited-user account and run the shell.
>>> I need to add a button to the shell that when clicked will automatically log-off the current limited-user and login again as the
>>> administrator.
>>> I'm not sure how can it be done because the log-off process kills all running processes so that the batch/script can't continue
>>> to load the admin..
>>> I thought maybe I should somehow use the Fast-User-Switching feature for that purpose but I don't know how to do that.
>>>
>>> my main purpose of doing that is to create a secure working environment through a limited-user using a custom-shell, but still
>>> allowing an Administrator
>>> to easily switch back to the Explorer shell without having to log-off and re-login.
>>>
>>> If you have any ideas or tips I would really appreiciate your help.
>>>
>>> thanks,
>>>
>>> YaronM
>>
>>
>
>

Loading