Stopping the Windows 9x Login
What...
Microsoft Windows 9x (Windows 95, Windows 98) has a bizarre feature: it
wants the user to log in to Windows before it will let the user use it.
While this initially looks like a good security option, it is a pathetic
joke -- a simple tap of the ESC key will get you past it. On a network,
this can result in MULTIPLE login requests -- the first one from the
network client, the second from Windows if the passwords don't match.
Why...
If you were thinking I was going to explain Microsoft's logic here, no.
Even if I cared to, I couldn't. Security that can be evaded with
the tap of one obvious key (or a click on the obvious "Cancel" button)
is NOT security by anyone's definition but Microsoft's. Rather, I'm
going to explain why you want to stop this idiot action.
- Utility: There is no benefit to this login.
- Annoyance: This extra login prompt is at best annoying to the user, at
  worst, downright confusing.
- Security: Again in what can only be called an amazing stunt of idiocy,
  Microsoft STORES THE PASSWORD you enter in a set of files in the
  C:\WINDOWS directory called <username>.PWL. A very basic rule of
  security is you don't leave passwords lying around where the public can
  get to them. As it is implemented, one can simply pull *.PWL from the
  Windows directory of a machine, run the files through a password
  cracker, and now know the victim's password for the network and who
  knows what else (hint: people usually reuse passwords).
O.k., plenty of reason to disable this "feature".
How...
Much to my embarrassment, I only found the solution to this problem recently,
and worse, it has been available for some time. Microsoft published
Knowledgebase Article Q140557 on this topic here:
http://support.microsoft.com/support/kb/articles/q140/5/57.asp?id=Q140557
The relevant details are included here, in case Microsoft decides that
with the release of XP, no one needs to worry about 9x anymore...
Add the following registry key, using REGEDIT:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Network\DisablePwdCaching = 1
That's all one line, and the variable DisablePwdCaching is a DWORD value.
There are a couple other things that can be done to simplify this process:
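Create a file with the following contents (between the lines):
----------------------------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001
----------------------------------------------------------------------
Save it to a file with the extension ".REG", and double click on
this file.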
Or, download and use this file.
While the above Knowledgebase article indicates this is for Windows
95, I have found it works well with Windows 98, as well.
I recommend the installation of this fix on all network connected machines.
After installing this fix, delete *.PWL from the C:\WINDOWS directory.
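One way to check that both steps took effect, as an added example (not part of the original article or of Microsoft's Knowledgebase text): it reads a registry export in REGEDIT4 format and looks through a copy of the Windows directory for leftover *.PWL files. The function names and the sample export are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

# Key and value from the article; registry key names compare case-insensitively.
POLICY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network"
VALUE_NAME = "DisablePwdCaching"
# Constructed sample export, not taken from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001
'''

def parse_regedit4(text):
    """Parse REGEDIT4 text into {key_lower: {value_name_lower: raw_data}}."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    keys, current = {}, None
    for line in (l.strip() for l in lines[1:]):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"\s*=\s*(.+)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def caching_disabled(reg_text):
    """True only if DisablePwdCaching exists as a DWORD equal to 1."""
    values = parse_regedit4(reg_text).get(POLICY_KEY.lower(), {})
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", values.get(VALUE_NAME.lower(), ""))
    return bool(m) and int(m.group(1), 16) == 1

def leftover_pwl(windows_dir):
    """Names of *.PWL files (any letter case) still in the directory."""
    return sorted(p.name for p in Path(windows_dir).iterdir()
                  if p.is_file() and p.suffix.lower() == ".pwl")

def audit(reg_text, windows_dir):
    """Return a list of findings; an empty list means the fix is complete."""
    findings = [] if caching_disabled(reg_text) else [
        "DisablePwdCaching is not set to dword:00000001"]
    findings += ["cached password file still present: " + n
                 for n in leftover_pwl(windows_dir)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, sys.argv[1] if len(sys.argv) > 1 else ".") or "no findings")
```

A value stored as a string ("1") rather than a DWORD is reported as not set, matching the article's note that DisablePwdCaching is a DWORD value.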
The truly security conscious might think I haven't gone quite far enough
here, but then, the truly security conscious wouldn't be running Windows.
(C)opyright 2001, Nick Holland, Holland Consulting
Published: 11/25/2001
Revised: 11/25/2001