Securing The Vista Desktop Through The Registry Part I

Microsoft has done a good job of making Vista extremely customizable. You can customize it to suit your personal preferences, and you can also customize it to increase security.

The problem is that some of the customization has to be done via the Windows Registry. Be very careful when editing the Registry. If you accidentally delete the wrong key, you could render your Vista workstation unbootable.

Customize logon and security dialog boxes

If you have Vista configured to use the classic logon dialog box, you may want to back up this security system with a set of warning messages designed to deter anyone thinking of attempting unauthorized access. While this type of measure doesn’t add any real protection to the system, it might be all that’s needed to prevent an unauthorized user from proceeding.

You can do so by adding a series of string values to the Winlogon key in the Vista registry. These modifications will add a separate warning dialog box to the logon procedure as well as add warning messages to the existing Log On to Windows, Windows Security, Computer Locked, and Unlock Computer dialog boxes.

Accessing the Winlogon key

To get started, launch the Registry Editor by typing Registry Editor in the Search field on the Start Menu and pressing Enter. Within the Registry Editor, open the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Adding the string values

To add a new string value to the Winlogon key, click the Edit menu and select the New | String Value command. When the New Value entry appears in the Winlogon key, name it using the names described in the next section. Once you have named the value, press [Enter] twice: once to activate the new name and once to open the Edit String dialog box. You can then add the appropriate warning message in the Value Data text box. Let’s take a closer look:

Creating the warning dialog box

Creating the warning dialog box that appears on the screen before the classic logon dialog box is a two-step procedure. To begin, create a string value and name it LegalNoticeCaption. Then, in the Value Data text box, type in the text that you want to appear in the warning dialog box’s title bar. For example, you could type ‘Warning!’ in the text box. Then, click OK.

Next, create another string value and name it LegalNoticeText. In the Value Data text box, type in the actual warning message that you want to appear in the main area of the dialog box. For example, you might type ‘This computer belongs to {Company Name}! Unauthorized access will result in prosecution!’

As you type the message, keep in mind that the Value Data text box can hold as many characters as you wish and that the warning dialog box will display multiple lines at 64 characters per line. As such, if you want to create a multi-line message, you will need to count your characters and use blocks consisting of 64 spaces to separate the lines in your message.

Keep in mind that the LegalNoticeCaption and LegalNoticeText values may already appear in the Winlogon key. If they do, you can just double-click on each value and add your text.
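
The same two values can be set from a script. This PowerShell is an added example, not part of the original article; the helper name Format-LegalNoticeText, the backup file path, and the reading of the 64-character rule (pad each line with spaces to the next 64-character boundary) are assumptions, and it needs an elevated prompt.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Hypothetical helper: joins message lines into one string, padding every line
# except the last with spaces up to the next multiple of $Width characters.
# The width of 64 is the per-line figure given in the article.
function Format-LegalNoticeText {
    param([string[]]$Lines, [int]$Width = 64)
    $out = ''
    for ($i = 0; $i -lt $Lines.Length; $i++) {
        $line = $Lines[$i].TrimEnd()
        if ($i -lt $Lines.Length - 1) {
            # An empty line still occupies one full row of spaces.
            $rows = [int][math]::Ceiling($line.Length / $Width)
            if ($rows -lt 1) { $rows = 1 }
            $line = $line.PadRight($rows * $Width)
        }
        $out += $line
    }
    return $out
}

$caption = 'Warning!'
$text = Format-LegalNoticeText -Lines @(
    'This computer belongs to {Company Name}!',
    'Unauthorized access will result in prosecution!'
)

# Back up the whole Winlogon key before touching it (assumed backup location).
$backup = Join-Path $env:TEMP 'winlogon-backup.reg'
reg export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' $backup /y
if ($LASTEXITCODE -ne 0) { throw "Backup failed; no changes were made." }

# Show what is there now: the values may already exist, as the article notes.
$before = Get-ItemProperty -Path $WinlogonKey
"Previous caption: '$($before.LegalNoticeCaption)'"
"Previous text:    '$($before.LegalNoticeText)'"

# Write both string values (created if missing, overwritten if present).
Set-ItemProperty -Path $WinlogonKey -Name 'LegalNoticeCaption' -Value $caption
Set-ItemProperty -Path $WinlogonKey -Name 'LegalNoticeText'    -Value $text

# Read back and confirm the stored values match what was intended.
$after = Get-ItemProperty -Path $WinlogonKey
if ($after.LegalNoticeCaption -ne $caption -or $after.LegalNoticeText -ne $text) {
    throw "Verification failed; restore with: reg import `"$backup`""
}
"Logon notice set. Backup of the original key: $backup"
```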


  • rx

    Nice article but this can be done within the local security policy editor, no registry editing needed??