1

我想为 Windows 7 用户实现自我重置密码功能。当登录屏幕提示域用户时,应显示忘记密码按钮,该按钮将打开密码重置向导。那么问题是如何将命令按钮添加到标准 Windows 登录屏幕?

我知道这里提到的 Windows XP 中的 GINA: Adding command button to Windows Logon screen

但是这个话题已经有 3 年的历史了,随着 Vista / Windows 7 微软提出了“Microsoft Windows Credential Provider”。

4

1 回答 1

2

Those button are called "Tiles", and they are implemented in a Credential Provider. Anything you read about a Gina will not work in Vista or later.

Those tiles a created by the LogonUI.exe process, itself launched by Winlogon.exe. LogonUI.exe runs with high priviledges. You don't want to run anything there. Besides, any wizard you run will run under the system account. Security issues aside, anything that resets the password of the current user will not work.

But let's assume that you have a solution that can reset a user's password. Like a web site (or a local application) that :

  1. Ask for the user's name
  2. Ask some security questions
  3. Connects to Active Directory to reset the password

Then here is a way to implement the functionality.

Create a user, a domain user if possible. Give it a name and a password easy to remember, like "reset" and "reset". Make shure that everybody knows the password.

Change the shell of that user to Internet Explorer, that you would be running in kiosk mode, pointing to your web application.

Now when someone wants to reset their password, here is what they will do :

  1. Use the standard Windows Credential Provider, like they do every day, but with the user "reset" and the password "reset".
  2. Instead of the normal Windows shell, they will be presented with your password reset web application.
  3. The user resets their password and they are instructed to log off using CTRLATLDEL
  4. They can log in with their own username and brand new password.

This idea can be improved upon if you are ready to write some code:

  • Instead of Internet Explorer, write a simple web application that wraps the web browser control. if the application is closed, or any other funny business, logoff.
  • Hack one of the Credential Provider samples to supply the well know password reset username and password, making password reset merely a click away
  • Change that password reset credential provider's image to reflect the password reset functionnality.
于 2012-11-09T04:54:17.153 回答