How to programmatically unlock a desktop?

  • Question

  • I've been asked to create a Gina replacement that will automatically unlock a locked desktop when a biometric condition is met. An additional constraint on the task is that my Gina acts as a front end to MsGina (essentially a pass through Gina, does not display its own dialog boxes and such). Given that the domain, username and password values are known to my software, how can I leverage this to unlock a locked workstation?

    The thing that is holding me up is LsaLogonUser's use of the LUID that is coming in on the WlxLoggedOutSAS. I don't see any way to synthesize this.

    Given that there is not going to be a call to Gina's WlxLoggedOutSAS, is there any way I can programmatically unlock the computer?

    Richard Lewis Haggard
    Wednesday, January 21, 2009 6:22 PM

Answers

  • The suggested approach had an attribute that rendered it unusable for my purposes - it works by changing desktops, not by reauthenticating a user. As far as the system is concerned, the user was still locked out even though the user's desktop was up and active.

    I ended up solving this problem by writing a passthrough gina replacement to collect a user's login credentials. My first attempt was to search the desktop for a window that had the attributes of the unlock dialog and then fill the various edits in with the user's values before sending button down and up to the dialog's button. This was done because of time constraints (a board room demo and 2 hours to get it done). The second attempt was less of a hack - it called LsaLogon with the values appropriate for unlocking a desktop.

    The manner in which this action got triggered was somewhat convoluted. An event was created that used an almost null DACL (code was based on Richter's sample) because otherwise there are security considerations when an event is created in user land and then consumed in SYSTEMville. In the end, problem solved.


    Richard Lewis Haggard
    • Marked as answer by RickLH Thursday, January 29, 2009 9:45 PM
    Thursday, January 29, 2009 9:45 PM

All replies

  • Done by others already, though not well tested and may have problems on Windows Vista:
    http://www.codeproject.com/system/RemoteUnlock.asp 

    MSMVP VC++
    • Proposed as answer by Karin Meier Friday, January 23, 2009 7:40 PM
    Wednesday, January 21, 2009 7:58 PM