Very Computer

Hi,

Sorry cross-posting but if I new where exactly to
post I would probably already have the answer ;-)

How does one lock the desktop of an NT 4.0 workstation through the API?

i.e. emulate the CTL-ALT-DEL, ALT-W key sequence.

I have seen a VB shareware program called locknow that both invokes the
screen saver and locks the workstaion.  And am wondering how to do the latter.

In fact I would appreciate it if someone could explain how password protected
screen-savers work in windows nt.  I suspect it is not the saver that locks
the workstation but nt itself.  I think this is so because configuring screen
saver "foo" to be password protected and then executing foo.scr does indeed
start the screen save but doesn't seem to lock the workstation.

Any tips, suggestion or pointers would be greatly appreciated.

Thanks in advance.

Dale Wityshyn

However, you can achieve something similar by creating a new desktop
containing a dialog which could prompt for a password. The following code
creates and activates a new desktop (NT only) - you would need to add some
dialog creation/handling code to it.

Key-sequences like ALT-TAB, CTRL-ESC, etc. will *NOT* work when the desktop
is active unless you choose to handle them. The secure attention
CTRL-ALT-DEL sequence WILL work and the usual screen will appear enabling
logoff/shutdown & password changing, but not Task Manager.

I don't know what access tokens you require (if any) to run the following,
but it definitely works from an administrator account.

#define STRICT
#include <windows.h>
#include <stdio.h>

int
main()
{
  HDESK hDesk = CreateDesktop(
    "Lockit",
    0, 0, 0,
    DESKTOP_CREATEMENU |
    DESKTOP_CREATEWINDOW |
    DESKTOP_ENUMERATE |
    DESKTOP_HOOKCONTROL |
    DESKTOP_READOBJECTS |
    DESKTOP_SWITCHDESKTOP |
    DESKTOP_WRITEOBJECTS,
    0);
  if (hDesk)
    {
      printf("hDesk: %08x\n", hDesk);
      BOOL bSuccess = SwitchDesktop(hDesk);
      if (!bSuccess)
        printf("sderr %08x\n", GetLastError());
      Sleep(10000);
      CloseHandle(hDesk);
    }
  else
    printf("can't create desktop\n");
  return 0;

Quote:}

Thanks Jason,

I will play around with this and see where it takes me.

But, I am pretty sure that this can be done.  The person who wrote the
shareware I referred to in my previous post seems to have figured it out.

I am just guessing, but I think he is doing it through SendMessage.

I found the string SendMessageH in his VB executable.  Of course it may
be there for an entirely different reason.

Thanks again.

Dale.

p.s.  I couldn't get mail to you, can't seem to resolve digitivity.com.

[Newsgroups trimmed; replying by e-mail also]

The only way to lock the workstation from the application level is to turn
screen saver password protection on and then start the screen saver.
Password protection can be set by setting the following string value to
"1":
        HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure

Here's the easiest way to start the screen saver:

        SendMessage( GetDesktopWindow(), WM_SYSCOMMAND, SC_SCREENSAVE, 0 ) ;

Of course, you have to have a screen saver selected for this to work.

You are correct:  NT is entirely responsible for screen saver password
protection.  Big contrast with Win95, where the screen saver executable is
responsible for prompting the user and validating the password (although
unlike Win 3.1, Win95 at least provides APIs to do the work and provide a
common interface.)

HTH

One other important point:  password protection is not invoked at all if
you launch the screen saver directly; e.g.,

        ssmyst.scr /s

This is why you never need to enter a password when previewing screen
savers on NT.  Password protection is invoked only when the OS starts the
screen saver, either from a timeout or a SC_SCREENSAVE command.

Quote:>How does one lock the desktop of an NT 4.0 workstation through the API?

        ftp://barnyard.syr.edu/pub/vefatica/locknow.exe

Note: It seems to take 2-4 seconds after the screensaver is activated
for the "lock" to take effect.

/* LOCKNOW.CPP */
#include <windows.h>

int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
        PSTR szCmdLine, int iCmdShow)

{
        HKEY RegKey;
        char YES[] = "1", NO[] = "0", CurrentSetting[2];
        DWORD CSsize = 2;
        BOOL ResetToZero = FALSE;

        RegOpenKeyEx(HKEY_CURRENT_USER, "Control Panel\\Desktop",
                0, KEY_QUERY_VALUE | KEY_SET_VALUE, &RegKey);

        RegQueryValueEx(RegKey, "ScreenSaverIsSecure", NULL, NULL,
                (LPBYTE) &CurrentSetting, &CSsize);

        if ( !strcmp(CurrentSetting, "0") ) {
                RegSetValueEx(RegKey, "ScreenSaverIsSecure", 0,
                        REG_SZ, (LPBYTE) YES, 2);
                ResetToZero = TRUE;
        }

        SendMessage( GetDesktopWindow(), WM_SYSCOMMAND,
                SC_SCREENSAVE, 0 );

        if ( ResetToZero ) {
                RegSetValueEx(RegKey, "ScreenSaverIsSecure", 0,
                        REG_SZ, (LPBYTE) NO, 2);
        }

        RegCloseKey(RegKey);
        return 0;

Quote:}

 - Vince
___
   Vincent Fatica
   Syracuse University Mathematics

   http://barnyard.syr.edu/~vefatica/

Hi Vincent,

Thanks for the info.  The program you sent works fine from a console
window.

However I am trying to launch the screen saver automatically at a
predetermined time.

I use the at command as follows:

at 16:00 /interactive  d:\work\lockscreen\debug\lockscreen.exe

(note: the screen saver is configured with password protection unchecked)

When the time occurs the screen saver is indeed invoked, however the
password protection
is not enabled.  It works fine if the password protected option is checked
beforehand.

Any idea why this is so?

Thanks again.

Dale Wityshyn

On Tue, 16 Dec 1997 19:27:48 -0800, "Dale Wityshyn"

It's an interesting question.

 - Vince
___
   Vincent Fatica
   Syracuse University Mathematics

   http://www.veryComputer.com/~vefatica/

Hmmm ... ? Still an interesting question!

 - Vince
___
   Vincent Fatica
   Syracuse University Mathematics

   http://barnyard.syr.edu/~vefatica/

Hi Vincent,

I have found a (not very satisfactory) workaround to this.

If I configure the Schedule service to "Log On As" the same
user that is logged onto the workstation, it works fine with
the at command.

I am wondering if it is possible to have the program discover
who is actually logged on and modify that particular registry
entry.  Surely that is possible?

Perhaps a service which invoke a password protected screen
saver at certain times and disables it at others?

Hmm.  I guess I've got some reading to do...

I think that maybe this thread has wound a little too deep and
perhaps the question should be reworded and reposted.

Any suggestions?

Dale Wityshyn

On Wed, 17 Dec 1997 22:14:01 -0800, "Dale Wityshyn"

Quote:>Perhaps a service which invoke a password protected screen
>saver at certain times and disables it at others?

Quote:>Hmm.  I guess I've got some reading to do...

while ( TRUE ) {
        for ( int i = 1 ; i < __argc ; i++ ) {
                if ( !strncmp(__argv[i], ctime(time(NULL))+11, 5) ) {
                        /* DO THE LOCKING HERE */
                        break;
                }
        }
        Sleep(59000);

Quote:}

Just leave it running.

Quote:>I think that maybe this thread has wound a little too deep and
>perhaps the question should be reworded and reposted.

 - Vince
___
   Vincent Fatica
   Syracuse University Mathematics

   http://barnyard.syr.edu/~vefatica/