Windows Pre-Login Wallpaper

October 6, 2005 2:23 AM Comments [10] Posted in Musings

PreloginIt's often useful to put information on the wallpaper of a Virtual Machine, or any Windows machine for that matter, that appears pre-login.

Put the full path in HKEY_USERS\.DEFAULT\Control Panel\Desktop\Wallpaper (string) via RegEdit. You can also set tiling on or off using the TileWallpaper (0|1) key in the same tree.

Tracked by:
"Nice tidbit: setting the Pre-Login Wallpaper" (Stefan Goßner) [Trackback]
"REBLOG: Automatic Login for Virtual Machines " (Dugie's Pensieve) [Trackback]
Comments [10]
« The Submit button on ASP.NET pages does ... | Home | Professional ASP.NET 2.0 - Coming VERY s... »
Thursday, October 06, 2005 6:04:53 AM UTC
/me refrains from making various security-related comments... ;)
Greg
Thursday, October 06, 2005 2:45:50 PM UTC
Correct me if I'm wrong, but wouldn't putting the username and password PRE-LOGIN on a virtual machine break atleast one major rule in security?
John McGuinness
Thursday, October 06, 2005 3:21:41 PM UTC
@ Greg
@ John

Probably. But it's just an example. If you look at the text of the post itself, it doesn't say anywhere that passwords on pre-login desktops are a universal good idea.

Consider servers showing the machine name and IP addres. Or a kiosk showing the nonprivileged user/password in the event of a reboot or lockout. Or the same on a client demo machine...

Scott's just showing you how to pull a trigger. It your fault if you use that knoweldge with a bazooka.

=)
Justin
Thursday, October 06, 2005 4:04:29 PM UTC
Duly noted Justin and I completely see where you're coming from.

Perhaps the example was just a bit odd to see because it's using the Administrator username and password, not the guest or non-privileged account. This concerns me because there are a lot of people out there that aren't that security conscience. They stumble across this article and think, "wow, I can do that to our production servers - what could possibly go wrong?"

I understand the trigger and bazooka analogy, I just hope others see it too.
John McGuinness
Thursday, October 06, 2005 6:44:23 PM UTC
What would be REALLY cool is if when using terminal services like this, you could LOCALLY change the login wallpaper for this type of thing (i.e. the login wallpaper is stored on your local machine and is used/overlaid on the remote session login screen). Then security is SLIGHTLY less of an issue. However, you can't so I'll just shut up. :)
John Baughman
Thursday, October 06, 2005 8:04:14 PM UTC
Maybe Scott knows exactly what he's doing and that machine is his Honeypot. ;)
James Foster
Thursday, October 06, 2005 8:31:09 PM UTC
Given the context (Virtual PC), I don't think this is a big security issue. Not something you'd want to do on an externally reachable server, but it works well for a local sandbox.
Dave
Friday, October 07, 2005 1:56:08 AM UTC
This is great, I can see this being enormously useful in our organisation. On a side note it is kinda funny how a post about wallpapers turns into a debate about security.
Jacob
Tuesday, October 11, 2005 3:16:26 AM UTC
I've seen real useful stuff on peoples screens and wallpaper including things like IP addresses, gateways, computername, dns, etc. Does anyone know where that software might be found? I've seen it used in test labs mostly.
Peter Kellner
Tuesday, October 11, 2005 4:10:36 AM UTC
BGinfo32 is nice.
Scott Hanselman
Comments are closed.
Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer’s view in any way.