Here's how to disable the bypass. When arguing about how inherently insecure Windows 98 is, one of the things that most people point to is the fact that Windows 98 allows basically anyone to access the desktop, whether or not they've logged into the network.
All someone has to do is press [Esc] at the login screen, and, even if you've set the Microsoft client to authenticate against your server, Windows 98 will bypass the login screen and happily take you to a default desktop.
Users won't be able to access any network data, but they can then get access to anything stored locally on the computer. Here's how to stop that from happening. This article discusses making changes to your server's registry.
Before performing any technique in this article, make sure you have a complete backup of your workstation. If you make a mistake when making changes to your workstation's registry, you may cause your server to become unbootable, which would require a reinstallation of Windows to correct.
Proceed with extreme caution.

Before you begin

Before you disable the bypass logon, you should ensure that your workstation already has some type of network authentication available to it. Windows 98 will maintain a local database of users, but the best way to authenticate users is against your server.
Right-click Network Neighborhood, and select Properties. Don't panic if you're not using Windows NT but are instead authenticating against some other network operating system.

This content has been archived, and is no longer maintained by Indiana University.
Information here may no longer be accurate, and links may no longer be available or reliable. This contains instructions for editing the registry. If you make any error while editing the registry, you can potentially cause Windows to fail or be unable to boot, requiring you to reinstall Windows. Edit the registry at your own risk.
Always back up the registry before making any changes.

Windows 9x and NT allow you to assign a drive letter in Windows Explorer to these shared resources so you can see them over the network just as if you were using that drive on your own computer. Usually you use Windows Explorer and the Tools menu to map a drive and map it permanently, but users always accidentally disconnect them, and in addition, you may want to force users to use a specific drive letter for a specific share (for instance, you may want to force them to use the U: drive for a 'users' share on a server, etc.).
You get the point. Here is some info, though: when you run the net use command in Win 9x, the default behavior is to create a non-persistent share, meaning that if you reboot the machine, the shares will disappear and will not come back until you run the login script again. No problem there.
The problem is that in Win NT, the default behavior is to create persistent shares, so you run the login script and make the shares, and then you run it next time you log in and you get errors telling you that it is already mapped.
The solution is to leave the win95 portion of the script as I show above, but in the Win NT portion of the script do this:

So as you can see, we get around the problem by deleting the share first and then mapping it. We are still left with the problem that the very first time the user logs in they won't have the shares to delete, but I am not that picky.

Another note: if you want your net use statements not to show up, precede them with a ' ', example:

If you want the system time of all the workstations to match the primary domain controller (yes, you do)

Windows 9x does some bad things in terms of security - anyone attending DEF CON 6 learned about password caching and how the domain passwords are stored in a weak format on the Win9x hard drive.
This may not win you a lot of friends because the saved passwords on dial-up networking will no longer be functional, etc.

Now, the tricky part - we want to disable the internal caching of passwords in Windows 95 - this requires changing the registry:
The above line will run regedit on the command line with no program output with a registry input file named nocache.

OK, as a sysadmin, as much as I hate it, I have to go to users' machines sometimes to fix stuff, and it really irks me when the simple amenities that I take for granted on my own machine are not available. Let's fix that:

If you are in Windows Explorer and right-click on a file and choose 'Send To', you are given the option of sending the file to a specific application.
It is very useful to add Notepad to the Send To menu because if you double-click an HTML file, you will not edit it, you will bring up the browser and view it.
Kind of annoying if you just wanted to edit it. Now all machines you play with will have Notepad available in Send To.

If you admin Win 9x machines, you need doskey to be available. If you don't know what doskey is, then you should probably learn some basic stuff before graduating to the level of login script hacker. This is also a great example of using a loop in the login script.

I personally set up an internal web server to display the usage statistics of our main web site, and had a hosts entry for 'stats' - you can add all sorts of personalized DNS-style entries this way.