Answered: Inputbox before Windows 7 logon

  • Tuesday, November 13, 2012 9:46 AM
     
     

    Hi guys

    I'm running Windows 7 and I need to display an inputbox of a startup vbscript BEFORE logon.
    (Script does some location-depending settings.)
    On Windows XP this was possible without any problems.

    Btw: Startup script seems to work fine if executed without inputbox.
    And yes: gpo 'Always wait for the network...' is active. :-)


    Any suggestions?


    Lg
    Marcello





All Replies

  • Tuesday, November 13, 2012 10:13 AM
     
     

    On Windows XP this was possible without any problems.

    How exactly did you manage to do this on WinXP?
  • Tuesday, November 13, 2012 10:35 AM
     
     

    As far as I remember no big deal on XP:


    1. Made the script inclusive Inputbox


    2. Launched it by GPO
      Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)
      (NOT User Configuration > Windows Settings > Scripts (Logon/Logoff))


    3. Set GPO to wait for the network
      Computer Configuration > Administrative Templates > System > Logon
      "Always wait for the network at computer startup and logon"


    Lg
    Marcello




  • Tuesday, November 13, 2012 11:26 AM
     
     
    I do not know if your method worked under WinXP but it won't under Windows 7 because the InputBox method communicates with an active foreground session which you do not have prior to logging on. I also suspect that if it did work then it could be exploited in order to gain access to the machine without logging on.
  • Tuesday, November 13, 2012 11:57 AM
     
     

    I do not know if your method worked under WinXP

    ;-)
    Trust me on this one. It does work on XP.

    I also suspect that if it did work then it could be exploited in order to gain access to the machine without logging on.

    It's the administrator who sets up the startup script. In our script users can just choose between eight letters.

    lg
    Marcello

  • Tuesday, November 13, 2012 12:14 PM
     
     

    It's the administrator who sets up the startup script. In our script users can just choose between eight letters.

    lg
    Marcello

    An "exploit" is not something that users engage in. It's done by hackers. If Microsoft decides that having a VBScript input box prior to logging on is a vulnerability then you won't get around it.
  • Tuesday, November 13, 2012 2:08 PM
     
     

    I do not know if your method worked under WinXP

    ;-)
    Trust me on this one. It does work on XP.

    I also suspect that if it did work then it could be exploited in order to gain access to the machine without logging on.

    It's the administrator who sets up the startup script. In our script users can just choose between eight letters.

    lg
    Marcello

    Your method will not work on XP either.  It will only work when the machine is restarted (hence the name 'startup' script).  After that it will not show.

    In Vista and later the logon and startup are done differently.  The startup will not display a GUI.

    You can customize the Gina to do almost anything but it must be done as a compiled program.  Search for "custom gina" for examples.


    ¯\_(ツ)_/¯

  • Tuesday, November 13, 2012 3:07 PM
     
     

    Your method will not work on XP either.  It will only work when the machine is restarted (hence the name 'startup' script).  After that it will not show.

    You're wrong. There's no restart required on XP.
    (On Windows 2000 it was necessary to re-activate lan connection either programmatically or by restart. Even then I decided to re-activate connection settings within the same script using shell.application object - without restart.)

    The inputbox appears right before logon mask. At this point users can choose one of eight location IDs and my script does IP settings and others.

    lg
    Marcello


  • Tuesday, November 13, 2012 3:14 PM
    Moderator
     
     

    My guess is that there is not a way to do what you want past Windows XP.

    What's the purpose of the script?

    Bill

  • Tuesday, November 13, 2012 3:47 PM
     
     

    My guess is that there is not a way to do what you want past Windows XP.

    What's the purpose of the script?

    Bill

    Hi Bill

    The purpose of the script was that notebook users could select their current location. The vbscript then made several settings for them: IP, printer, templates and so on. Most of them could also be done "as user" after logon - as far as they do not need special rights.  However IP settings have to be done before Login. Otherwise roaming profile can't be loaded.

    The problem now is that this script does also work on Windows 7 but only if I do not use any kind of "verbose" boxes. (msgbox, inputbox, popup)

    If I use vbscript the script fails and the startup process continues. If I use powershell the script hangs - as if it was waiting in the background for input.

    Lg
    Marcello


  • Tuesday, November 13, 2012 3:59 PM
    Moderator
     
     Answered

    Sorry, but I don't know a way to solve your problem except to take a more supported approach: Correctly configure AD sites, put computers in OUs to configure settings via GPOs, and set up DHCP appropriately. I don't think you can continue to use your old scripts past Windows XP.

    Bill

  • Tuesday, November 13, 2012 4:09 PM
     
     

    I don't think you can continue to use your old scripts past Windows XP.

    I guess you're right.

    I'm quite sure there are ways I could make it work on windows 7. But I had to leave the official path. :-D

    lg
    Marcello


  • Tuesday, November 13, 2012 5:08 PM
     
     

    Most of what you are asking cannot be done by a non-admin user on any version of Windows.  A non-admin user cannot cause a startup script to execute.  It is only executed when the PC is restarted.  A normal user cannot alter the network settings.

    It is very unclear what you are saying and what you are trying to accomplish.

    Why?


    ¯\_(ツ)_/¯

  • Tuesday, November 13, 2012 5:12 PM
     
     

    My guess is that there is not a way to do what you want past Windows XP.

    What's the purpose of the script?

    Bill

    Hi Bill

    The purpose of the script was that notebook users could select their current location. The vbscript then made several settings for them: IP, printer, templates and so on. Most of them could also be done "as user" after logon - as far as they do not need special rights.  However IP settings have to be done before Login. Otherwise roaming profile can't be loaded.

    The problem now is that this script does also work on Windows 7 but only if I do not use any kind of "verbose" boxes. (msgbox, inputbox, popup)

    If I use vbscript the script fails and the startup process continues. If I use powershell the script hangs - as if it was waiting in the background for input.

    Lg
    Marcello

    In Vista and later it is possible to have the adapter choose a setting based on the detected connection. It is normally used for laptops.  Once a connection is configured the network will usually re-detect the local network and choose the saved settings.  This is done without user intervention short of plugging in the cable or detecting a WiFi port.


    ¯\_(ツ)_/¯

  • Tuesday, November 13, 2012 9:06 PM
     
     

    Once again: this script runs on XP since 2008 showing up the inputbox before logon. I've never claimed that the same approach works on Windows 7. Quite the contrary: I'm here to ask if there is a way to bring W7 to show up the dialog box.

    Unlike you, who claimed:

    Your method will not work on XP either. It will only work when the machine is restarted

    ...which actually isn't correct.

    And btw: As I said before: the script functionally works on Windows 7 as long as there is no Inputbox.
    But hey listen: I feel no need to convince you.


    Lg
    Marcello



  • Tuesday, November 13, 2012 9:34 PM
     
     

    And where are you placing this 'startup' script?  Are you defining it in a Group Policy?  Are you adding it to a share?  Are you storing it locally?

    By definition (Microsoft's and not my definition) a startup script runs whenever the system is restarted, either on a powerup or a reboot.

    Start here: http://support.microsoft.com/kb/198642?wa=wsignin1.0

    Unless you can determine what you have done to have this run when someone logs in then I cannot reproduce your problem.

    I cannot force a startup script to run on XP the way you are describing.  I see no way to cause this to happen. All Microsoft documentation indicates that it is impossible.


    ¯\_(ツ)_/¯

  • Tuesday, November 13, 2012 9:37 PM
    Moderator
     
     

    When a startup script runs, there is no user. I don't see how what you claim happens in XP (or any OS) is possible. If someone were to respond to an InputBox command, what credentials would they have (who would they be)?


    Richard Mueller - MVP Directory Services

  • Tuesday, November 13, 2012 9:46 PM
    Moderator
     
     

    Technically the user would be 'NT Authority\System'. If a user were able to interact with a script running as system, this would be a very significant security hole. It may be possible to interact with a startup script in XP, but it does not surprise me that the new logon interface implemented in Vista and later would plug this particular hole.

    Bill

  • Tuesday, November 13, 2012 9:52 PM
     
     

    When a startup script runs, there is no user. I don't see how what you claim happens in XP (or any OS) is possible. If someone were to respond to an InputBox command, what credentials would they have (who would they be)?

    It's not an ordinary user account. It's a system account. On W7 when you launch this script as logged-on user you have to run it in elevated administrator mode.

    lg
    Marcello

  • Tuesday, November 13, 2012 10:03 PM
     
     

    When a startup script runs, there is no user. I don't see how what you claim happens in XP (or any OS) is possible. If someone were to respond to an InputBox command, what credentials would they have (who would they be)?

    It's not an ordinary user account. It's a system account. On W7 when you launch this script as logged-on user you have to run it in elevated administrator mode.

    lg
    Marcello

    An InputBox does not require elevation under any circumstances.

    It is very hard to follow what you are asking.  The criteria seem to be subtly shifting from displaying an input box from a startup script when a user logs into a system to running something that requires elevation.

    None of this makes any technical sense.  Either you are not telling us all of the bits or you are misunderstanding what it is that you are seeing.

    To further complicate matters, here is a statement from the AD Microsoft Team on startup and logon scripts post XP/WS2003.

    Hi Everyone, Mike here. Today I am discussing the default processing behavior for Group Policy scripts. Microsoft changed the default behavior of Group Policy startup and logon scripts processing from synchronous to asynchronous starting with Windows Vista and Windows Server 2008. This behavior is the same in Windows 7 and Windows Server 2008 R2. I’ve recently read some confusion regarding this policy setting.


    ¯\_(ツ)_/¯

  • Tuesday, November 13, 2012 10:27 PM
     
     

    An InputBox does not require elevation under any circumstances.

    It is very hard to follow what you are asking.  The criteria seem to be subtly shifting from displaying an input box from a startup script when a user logs into a system to running something that requires elevation.

    None of this makes any technical sense.  Either you are not telling us all of the bits or you are misunderstanding what it is that you are seeing.

    To further complicate matters, here is a statement from the AD Microsoft Team on startup and logon scripts post XP/WS2003.

    Hi Everyone, Mike here. Today I am discussing the default processing behavior for Group Policy scripts. Microsoft changed the default behavior of Group Policy startup and logon scripts processing from synchronous to asynchronous starting with Windows Vista and Windows Server 2008. This behavior is the same in Windows 7 and Windows Server 2008 R2. I’ve recently read some confusion regarding this policy setting.


    ¯\_(ツ)_/¯

    I repeat my words:

    On W7 when you launch this script as logged-on user
    you have to run it in elevated administrator mode.

    That's not because of the inputbox but because of the system settings made by the script. The dialog for elevated rights is not necessary, when it is started by system account or as a special task.

    OMG! I give up.

    Lg
    Marcello





  • Tuesday, November 13, 2012 10:32 PM
    Moderator
     
     

    IIRC, startup scripts run as 'NT Authority\System'. If a user were to interact with a startup script (which is running as System), this would be a very significant security hole, IMO. This interaction may be possible in Windows XP, but it does not surprise me that the new logon interface implemented in Vista and later eliminates this vulnerability.

    Bill

  • Tuesday, November 13, 2012 10:45 PM
     
     

    Bill. Of course I do understand this point of view.

    I've just asked a question.

    Lg
    Marcello



  • Tuesday, November 13, 2012 10:54 PM
    Moderator
     
     

    Hi,

    I understand. At this point I think the question is answered. If you agree, please mark the response that best answers your question.

    Thanks,

    Bill

  • Tuesday, November 13, 2012 11:00 PM
    Moderator
     
     

    I admit I never tested this, because I always "knew" there is no user during startup, so there can be no interaction with a user. However, I got a startup script to work on an XP that prompts for information and writes it to the local computer. Before configuring "Always wait for the network at computer startup and logon" the script ran at shutdown. I need to test more to determine the consequences. Apparently, anonymous replied to the prompt and system acted on it.

    The startup script also runs on Windows 7 (the script first writes to a file, so I can tell it ran, then prompts, then writes the response in another file). However, I am never prompted on the Windows 7 machine. I see Wscript running in Task Manager, so I assume the script is waiting for system to reply to the InputBox statement.

    I just restarted my Windows 2000 Pro client and the startup script prompted me, just like on the XP client.


    Richard Mueller - MVP Directory Services
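
    The hang described above (the script waiting on a dialog nobody can see) can be avoided by checking for an interactive session before prompting and by accepting only a fixed set of values. This is an added example, not code from any poster in this thread; the location IDs A-H, the log path and the function names are assumptions, and the preset is assumed to arrive through the GPO "Script Parameters" field.

```powershell
# Added example, not from the thread. IDs A-H and the log path are hypothetical.
$AllowedLocations = 'A','B','C','D','E','F','G','H'
$LogFile = Join-Path $env:SystemRoot 'Temp\location-startup.log'

function Test-CanPrompt {
    # On Vista and later, startup scripts run as SYSTEM in session 0, which has
    # no desktop a person can see; a dialog raised there waits forever.
    $proc     = [System.Diagnostics.Process]::GetCurrentProcess()
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    return ([Environment]::UserInteractive -and
            ($proc.SessionId -ne 0) -and
            (-not $identity.IsSystem))
}

function Resolve-LocationId {
    param([string]$Candidate)
    # Exact match against the fixed list; anything else is rejected, so input
    # handled by a SYSTEM-context script never reaches the settings code raw.
    $id = $Candidate.Trim().ToUpperInvariant()
    if ($AllowedLocations -ccontains $id) { return $id }
    return $null
}

function Get-StartupLocation {
    param([string]$Preset)
    # Prefer a value configured by the administrator (for example per OU).
    $id = Resolve-LocationId $Preset
    if ($id) { return $id }

    if (-not (Test-CanPrompt)) {
        # No visible session: log and stop instead of blocking startup.
        $stamp = Get-Date -Format s
        Add-Content -Path $LogFile -Value "$stamp no valid preset, no interactive session; settings unchanged"
        return $null
    }

    # Only reached when a logged-on, non-SYSTEM user runs the script by hand.
    $answer = Read-Host "Location ($($AllowedLocations -join '/'))"
    return Resolve-LocationId $answer
}

$location = Get-StartupLocation -Preset $args[0]
if ($location) {
    "Selected location: $location"
} else {
    exit 1
}
```

    Run as a startup script with no parameter, this writes one log line and exits instead of leaving a script host process waiting in the background.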


  • Tuesday, November 13, 2012 11:14 PM
     
     

    Finally! :-)


    Whenever I bring up this script, people say:

    "It's not possible."
    "How have you done this?"
    "There's need for restart."
    "There's no user before logon."
    and so on...

    I just use a startup script.
    No hack. No trick. No witchcraft.

    Lg
    Marcello



  • Wednesday, November 14, 2012 12:08 AM
    Moderator
     
     

    To which I would add: Even where it works, I definitely don't recommend it, for security reasons.

    Bill

  • Wednesday, November 14, 2012 10:09 AM
     
     

    To which I would add: Even where it works, I definitely don't recommend it, for security reasons.

    Although I said I understand your concerns - in my opinion they are about startup scripts in general. Startup scripts may contain critical code - without any need of inputbox. But in the end they have to be set up by someone with appropriate credentials anyway. And it's about him to know the content of the script and to decide whether user interaction is appropriate or not.
    At least until XP.


    Lg
    Marcello



  • Wednesday, November 14, 2012 10:31 AM
     
     

    Btw: I've made a new startup script in the meantime... without inputbox. :-/

    Lg
    Marcello

    Update: Just found out that it's still possible to make the script showing up the inputbox before logon (by GPO) - even on Windows 7!
    However, now I don't need it anymore. X-D

    Btw: As some people seem to be confused
    about start and restart here the order of events:

    1. boot Windows
    2. computer waits for network (set by GPO)
    3. startup script runs
    4. inputbox shows up
    5. now you can select an ID and click OK
    6. settings are taken over.
      Windows XP / Windows 7:
      no restart required
      Windows 2000:
      connection settings had to be
      re-activated either by restart
      or by additional script code
    7. logon mask shows up

    Have a nice day
    Marcello


  • Wednesday, November 14, 2012 3:40 PM
    Moderator
     
     
    Although I said I understand your concerns - in my opinion they are about startup scripts in general. Startup scripts may contain critical code - without any need of inputbox. But in the end they have to be set up by someone with appropriate credentials anyway. And it's about him to know the content of the script and to decide whether user interaction is appropriate or not.

    I agree that there is a place in the system management ecosystem for startup scripts. I don't agree that it's a good place to get user input due to the potential for abuse.

    Bill