Database Search

match allmatch any Look in all areasLook in current areas Check all datesPrevious dayPrevious 3 daysPrevious weekPrevious fortnightPrevious monthPrevious 2 monthsPrevious 3 monthsPrevious half-yearPrevious year

TechHome

• Detect if a Workstation is Locked
• Disable Task Manager
• Display over Ctrl Alt Delete Login Dialog
• Do Not Allow Closing of WB with Ctrl Alt Del
• Enable-Disable the Ctrl-Alt-Del or Alt-Tab Keys
• Get the Close Program Window to Pop Up
• Using WinLockDll to Block Ctrl-Alt-Del

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

Detect if a Workstation is Locked

 Keywords:  console locked

---

Question:

I have a clever winbatch .exe that I've renamed to an .scr that I use to force PCs that are unattended for a number of hours to reboot as per company policy to not leave an open pc unattended. (I use kix login scripts to disable screen saver settings and force the use of this screen saver)

It works great if the user is logged in and it doesn't run at all if the machine was rebooted and not logged in (because it runs login.scr for an anauthenticated user). Both of these are fine.

My problem is if a user IS authenticated but they lock the console using ctrl-alt-delete, then their HKCU screen saver is run instead and this causes my rebooter to run. Was currious if there is any way from within winbatch to detect if the console is locked while it runs.

Answer:

When a NT/2K/XP system is locked, the console windowstation "winsta0" no longer has its "default" desktop associated with the keyboard, mouse & monitor. Instead, there is some other secured desktop [I forget the exact name of it] that is associated with the keyboard, monitor & mouse. IIRC, when a different desktop other than "default" is being used, functions like WinWaitExist() and WinExist() only see the names of windows that are on the same desktop as the script that is calling those functions.

What this is all leading up to is a test for the presence of a window named "Program Manager", which is a hidden window that the Windows Explorer creates when it is running as your desktop shell program. If your script is activated as a screen saver and it cannot find this window then should be safe to assume that the workstation has been locked and the screen saver was invoked on the secured desktop instead of on the regular "default" desktop. You can then take an action that is appropriate.

See the following script. It needs to be compiled as a .EXE file [either big or small], and then the .EXE file needs to be renamed to a .SCR extension. Please note that you must how down a CTRL key for at least 1 second to get this basic screen saver to terminate.

; CheckForLockedDesktop.wbt
;
; This script is intended to be compiled as a .EXE file and then renamed to have a .SCR extension
; so that it can be run as a screen-saver.
;


Title01 = 'Check for locked Desktop'


; Find out who we are and where we are located

AppFileSpec = IntControl(1004,0,0,0,0)
AppPath = FilePath(AppFileSpec)
AppRoot = FileRoot(AppFileSpec)
AppIniSpec = StrCat(AppPath,AppRoot,'.INI')
AppProductVer = FileVerInfo(AppFileSpec,'','ProductVersion')
AppFileVer = FileVerInfo(AppFileSpec,'','FileVersion')


if (IsDefined(Param1))
  ScrCmd = StrUpper(Param1)
else
  ScrCmd = ''
endif

if (ScrCmd != '/S')
  Message(Title01,'"/S" switch not used; not running the screen saver.')
  exit
endif


bPgmMgr = WinEXist('Program Manager')

IniWritePvt('Status','Program Manager',bPgmMgr,AppIniSpec)


BoxOpen(Title01,'Initializing')

while (@TRUE)
  if (IsKeyDown(@CTRL)) then break
  BoxText(TimeYmdHms())
  Delay(1.0)
endwhile

BoxShut()


exit

---

Another question:

Is there a way for the WinBatch script to unlock the workstation (assuming, of course, that the password is hardcoded into [known by] the script). This doesn't seem to be doable by any normal means (i.e., SendKey, MouseMove), but it should be doable in the grand scheme of things - since desktop remote control software can do it. A colleague of mine thinks that you could do it through the right combination of SendMessage calls, using WM_KEYDOWN messages or the like, but he isn't clear on all the details.

Answer:

The problem has to do with the security applied to the desktop on which the GINA displays the dialog box used to logon to and/or unlock the workstation. That desktop is not the same desktop on which the Windows Explorer desktop shell runs, and only one desktop can be visible & connected to the keyboard & mouse at any give time. When you hit CTRL+ALT+DEL, WinNT/2K/XP automatically switches the active desktop and the GINA presents you with some sort of logon/security related dialog box.

Now, in the case of products like PC Anywhere, they actually replace MSGINA.DLL with their own GINA. The end result is that they can implement some custome functionality that allows the workstation logon/unlock tasks to appear to be performed automatically, when in fact it is their modified GINA that does the work in the background.

There isn't a single Win32 API function that can be called to force a workstation to be unlocked.

Theoretically, if you add the appropriate permissions to the desktop on which the GINA's dialog boxes are displayed, then it should be possible to write a WinBatch script that can interact with the GINA's dialog boxes. However, sending CTRL+ALT+DEL is still a problem, I think...

---

Article ID:   W15527

File Created: 2003:05:13:11:28:30

Last Updated: 2003:05:13:11:28:30