

Instead of trying to run a program on the sign-in desktop, create a user with limited privileges and use automatic logon to log in with that user at startup, and auto-start your program there, optionally creating an unlock screen to gain access to the system. So that said, I would turn things around. Microsoft does not want to give you the ability to run a program with all rights that can allow anyone with basic computer skills to easily hack into the system, which is basically what this will allow you to do. When you create a scheduled task or use a computer startup script (not to be confused with a logon script), the program starts, but you still can't see the GUI. The sign-on area is its own desktop, which is why you cannot normally run a program there. As a result, any program that runs here runs as NT\SYSTEM, a user that has every right on the system imaginable.

Given that we are still at the sign-on screen, no user is logged in, so no user permissions can be retrieved. When you start a program, it has to start in a user's environment in order to get certain access rights, etc. You are not supposed to be able to start a program on the sign-on screen either, but yes, there is a way to get around that. Windows does not support what you want to achieve because it is a huge security risk.
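One way to set up the limited-user approach described above, as an added example that is not part of the original answer. The account name `kiosk`, the program path and the task name are hypothetical; note that the Winlogon `DefaultPassword` value is stored in the registry in clear text, so the account must hold no rights worth stealing.

```powershell
#Requires -RunAsAdministrator
# Added example. $KioskUser, $AppPath and $TaskName are assumptions, not values from the page.
$KioskUser = 'kiosk'
$AppPath   = 'C:\Program Files\ExampleApp\app.exe'
$TaskName  = 'StartKioskApp'
$Account   = "$env:COMPUTERNAME\$KioskUser"

# 1. Create a standard local account and add it to the built-in Users group only.
#    The group is addressed by SID so the script also works on localized systems.
$Password = Read-Host -Prompt "Password for $KioskUser" -AsSecureString
New-LocalUser -Name $KioskUser -Password $Password `
    -PasswordNeverExpires -UserMayNotChangePassword `
    -Description 'Limited auto-logon account' | Out-Null
Add-LocalGroupMember -SID 'S-1-5-32-545' -Member $KioskUser

# Refuse to continue if the account somehow ended up in Administrators.
$Admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
if ($Admins.Name -contains $Account) {
    throw "$Account is a member of Administrators; aborting."
}

# 2. Enable automatic logon for that account through the Winlogon values.
#    Caveat: DefaultPassword is written as clear text.
$Plain    = [System.Net.NetworkCredential]::new('', $Password).Password
$Winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Set-ItemProperty -Path $Winlogon -Name AutoAdminLogon    -Value '1'               -Type String
Set-ItemProperty -Path $Winlogon -Name DefaultUserName   -Value $KioskUser        -Type String
Set-ItemProperty -Path $Winlogon -Name DefaultDomainName -Value $env:COMPUTERNAME -Type String
Set-ItemProperty -Path $Winlogon -Name DefaultPassword   -Value $Plain            -Type String

# 3. Start the program in that user's own session at logon, with a
#    non-elevated token, instead of on the sign-in desktop as SYSTEM.
$Action    = New-ScheduledTaskAction -Execute $AppPath
$Trigger   = New-ScheduledTaskTrigger -AtLogOn -User $Account
$Principal = New-ScheduledTaskPrincipal -UserId $Account `
    -LogonType Interactive -RunLevel Limited
Register-ScheduledTask -TaskName $TaskName -Action $Action `
    -Trigger $Trigger -Principal $Principal | Out-Null

# 4. Show the resulting group membership so it can be reviewed.
Get-LocalGroup | Where-Object {
    (Get-LocalGroupMember -Group $_.Name -ErrorAction SilentlyContinue).Name -contains $Account
} | Select-Object -ExpandProperty Name
```

The last command should list only the Users group; anything else means the account has more rights than the answer intends.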
