Friday 10 February 2012

Hide User Account on Welcome Screen in Windows

Windows operating system including Windows 7, Windows Vista and Windows XP allows multiple user accounts to be created on the computer, be it administrators or standard users. When there is more than one user accounts been defined and created on the PC, Windows will display Welcome Screen, with all available user accounts listed so that user can click and login.

However, showing and displaying of user accounts on the Welcome Screen is probably a weakness in the security point of view, more so if the user account is intended to be a hidden or backup user account. In fact, there is trick to make any user account or administrator account that normally been listed on the Welcome Screen to be hidden from view.
In order to hide a user account (which also means create a hidden user account) in Windows XP, Vista, or Windows 7, just go to Control Panel User module and create an additional user as usually do. If you already have an existing user that wants to be made hidden, invisible or disappeared from Welcome Screen, then go straight to guide below.
  1. Run Registry Editor (RegEdit.exe).
  2. Navigate to the following registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    Note: If SpecialAccounts and UserList is not found, create new sub-key and name them accordingly.
  3. Select UserList, and in the right pane, right click on any blank space, and point to New -> DWORD (32-bit) Value.
  4. Name the new DWORD registry value name as the exact same name that match the name of the user account to be hidden.For example, if the user ID of the user account is ITNut, the name the registry value as ITNut.
  5. Double click on DWORD registry value, and set the value data to 0 in oder to hide the account from Welcome Screen.
    Tip: To display the user account on Welcome Screen again so that it’s visible again, delete the registry entry, or set the value data to 1.
  6. Exit Registry Editor.
  7. Log off or restart computer to make the change effective.
Tip: In order to login into Windows using an user account that has made hidden and invisible, just press Ctrl+Alt+Del to bring up Windows Logon dialog, and then type in the user name and password manually.

Friday 3 February 2012

Sending out Wireless Settings via GPO with Key

Microsoft are an interesting bunch. When it comes to wireless settings deployment they tend to forget that wireless networks have a passphrase required in order to connect. They provide you with tools to setup wireless profiles on machines yet don't allow you to deploy the wireless key via group policy.
You can sort of understand it from a security point of view, it is probably against some form of policy to dish out wireless keys to your users but it does mean its us poor buggers that need to manually type the key into each machine before allocating them out to members of staff or putting them in trollies for the pupils. (That is if you don't use imaging, such as Ghost/MDT/Ping)
Now after a hell of a lot of Group Policy searches via Google, there doesn't seem to be anyone who has bothered to write out a step by step guide on how to send out a wireless setting with the key pre-installed. So here I go, finally solving this damn issue that has tormented god knows how many people. The beauty of this method, is that it is Microsoft Approved, as you don't need any third party tools to do this. :)
Here we go.

1. First you need a machine, ideally freshly built, no crap on it. Windows 7 of course.

2. You need to set this machine up connected to the desired wireless connection you want, in this example we are going to say the SSID of the school is: ITMagic_WPA.

So join your network and type in the wireless key, in this example we shall say the wireless key is: NoWires12345

3. Once connected to the wireless, if you want to play around with certain settings like Infrastructure only etc, do it now. This method being taught will also allow for these customisations to be exported to :)

4. So now we have a fresh Windows 7 machine, connected to our wireless network ITMagic_WPA with the network key NoWires12345 correctly implemented.

5. Now we export it using Microsofts own NetSh Command line.

(You might be turning away now, thinking i've tried this route and didn't succeed, but if you are like me, you probably didn't have time to play with it enough to understand it. Well I found time and with a little scripting experience behind me, I figured it out. I still haven't found a website that tells you this part.)

Go to Start, type Cmd and open that black window of power. - (just open command line)

6. Type in
Netsh Wlan Show Profiles
You will be presented with a list of all the "Wireless Profiles" stored on your machine, if you have only connected to one network, you will have a massive list of.. one.

Nine times out of ten, this profile name is identical to your wireless SSID. So lets say I did it with my example profile, the command line would come back with the result:

User Profiles

all user profiles : ITMagic_WPA

Well now I know the name of my profile, I can export it. Of course I don't just export the name, I export everything, the name, the key and any extra settings I might of set.

7. To export type in:
Netsh Wlan Export Profile Name="ITMagic_WPA" key=clear

Remember to obviously replace my example with your profile name.

8. By default, this command will save this file to the ".\WirelessConnectionName" , basically, this location is found in C:\Users\YourLoggedInUser\ folder.

9. You will find an xml file named something like Wireless Network Connection - SSID.xml, so mine would be Wireless Network Connection-ITMagic_WPA.xml. Or something like that, depends if your machine is untouched and fresh.

Save the xml file to a shared area where people have access to, lets say the netlogon folder just to keep things simple, I mean if you have a designated Scripts Share on your server, by all means stick it in there, but remember to change the below script to suit your network.

14. Right, so i've saved my XML file as a shorter name called "WirelessConnect.xml" and saved it to the
\\dc-01\netlogon folder

15. In the netlogon folder, create a txt document and type in the following script:

IF EXIST C:\WirelessSet.txt GOTO _ENDNetsh wlan add profile filename="\\dc-01\netlogon\WirelessConnect.xml" user=all >>C:\WirelessSet.txt:_END

Just make sure your UNC path, points at the xml file in your share.

16. Save this file as Win7Wireless.bat or something like that

17. Go to group policy, and set this wireless script to run at start up for all the wireless 7 machines on your network, once run, it won't rerun providing there is a file called WirelessSet.txt on the C:\ on that computer.

Your wireless is now deployed, with a key.

Hope this helps a few people!!