Everhart,Glenn From: Randy Wood [Randy.Wood@nau.edu] Sent: Wednesday, April 15, 1998 1:22 PM To: ntsecurity@iss.net Subject: [NTSEC] Changing welcome screen TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net Contact ntsecurity-owner@iss.net for help with any problems! --------------------------------------------------------------------------- Michael Espinola wrote regarding changing the welcome screen: >Legal Notice Caption: >Root Key: HKEY_LOCAL_MACHINE >Subkey: \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >Value: LegalNoticeCaption >Type: REG_SZ >Data: [cut] Of course this is the way Microsoft would like you to do it, but there's another (better IMHO) way: Use a resource editor such as the one that comes with Visual C++ and open %SystemRoot%\system32\msgina.dll (as resources). You can change many things other than just the text. Add icons or graphics. Change the wording of error messages or alerts, etc. Loads of fun. I just love the error message that says your password is too short when really it's really too long. We've actually written our own GINA.DLL which has a customized front end so that users can get help before logging in via dialogs and other interesting things. Of course, I'm sure this isn't supported by Microsoft but it's been years since I've relied on them for support anyway. BTW - writing a replacement GINA.DLL isn't difficult. It's a great place for a trojan horse. Be sure you're locking down the WINNT tree and especially mark read-only any executables and DLLs in that tree if you care anything about security. There's also a registry entry HKLM:Software\Microsoft\Windows NT\Current Version\Winlogon\GinaDLL If you change this to something like "MYGINA.DLL" and you have the ability to add a file to the system32 directory, then you don't need to be able to modify MSGINA.DLL to wreak havoc on an NT box. Basically, make sure that your system directories are locked down as tightly as possible. -- Randy Wood (Randy.Wood@nau.edu) "Hey mister, you got any old Information Technology Services dollar bills you don't need?" Northern Arizona University P.O. Box 5100 PH: 520-523-8991 Flagstaff, AZ 86011 http://jan.ucc.nau.edu/~rwood