[ale] [semi-OT] confidentiality banner for Samba/Winboxes
Greg
runman at speedfactory.net
Thu Mar 6 10:03:05 EST 2003
This is done by setting up a profile for each user wherein a script runs
that displays a message box upon startup. Samba supports profiles, but you
have to set each Windows box to use remote profiles located on the Samba
server. If you set up the Windows box to use the local profile, the script
has to be on the box. Running the script uses the MS script-running service
(can't think of the exact name) - which is a HUGE security risk as all
scripts run as Administrator and it is this fact and the lack of ability to
control which scripts that run that is the reason I refuse to allow it on
any of my home machines or suggest it to other MS users - despite the real
need for this ability. MS has tried to control this script running service
as has anti-virus checkers, but it is still a really deep risk. I have been
a MS developer for awhile and this is an area where I don't even tread or
compromise, despite all of the benefits of running scripts. Way too many
exploits in the script running service for my taste & even a script kiddie
can write the dammed things since they use JavaScript and or VBScript.
You cannot control the login box itself, as it is compiled code and part of
the MS system, although it may be possible to do this via the Windows API,
but I don't have any experience with that particular API call/function
except for some simple stuff relating to other API's. Due to the monolithic
nature of the Windows OS and MS lack of documentation (some intentional and
some due to just the way MS is) it can be hard to get API info. Also, if
you do not give the *exact* number of arguments and the *exact* types or
those arguments in Windows API programming, you can completely fry your OS
resulting in a "fer shure" complete re-install. It is not something for the
meek or incompetent.
Greg
> -----Original Message-----
> From: ale-admin at ale.org [mailto:ale-admin at ale.org]On Behalf Of Mazukna,
> Thomas
> Sent: Thursday, March 06, 2003 8:49 AM
> To: 'ale at ale.org'
> Subject: RE: [ale] [semi-OT] confidentiality banner for Samba/Winboxes
>
>
> If I remember correctly from my windows programming days.....
> You will not be able to do it on Samba side, but you can "hack" the dll on
> each win box.
> All dialogs are stored as resources, so you find the right dll,
> open it with
> Ms resource editor and add the text to the dialog box.
> Save the dll and distribute it to all client boxen.
>
> anybody has a better idea?
>
> thanks,
> Tomas
>
> -----Original Message-----
> From: Christopher Bergeron [mailto:cbergeron at bass-associates.com]
> Sent: Thursday, March 06, 2003 8:42 AM
> To: ale at ale.org
> Subject: [ale] [semi-OT] confidentiality banner for Samba/Winboxes
>
>
> Does anyone know of any (ugh) Windows software that will alter the login
> box? I recall a Novell Network where we had a "confidentiality banner"
> displayed above (or it might have been below) the login prompt. Is
> there a way I can implement something like this using a Samba PDC? If I
> can't do it on the Samba side, is there a .DLL that I can hack to
> display our message to users?
>
> Anyone have any ideas in this area?
>
> Thanks,
> CB
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list