Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)

From: Fred Noltie (noltieat_private)
Date: Thu Jul 31 2003 - 13:53:14 PDT


    From: "Brian Eckman" <eckmanat_private>
    
    > > If someone were to find a way to bind to those hotkeys, would you
    > > then consider this a security issue with Windows? If so, how is
    > > Apple's failure to block kill calls to the screen saver not a
    > > security issue?
    > >
    > > Gavin
    >
    >
    > Windows does allow others to bind to those hotkeys. The Novell client is
    > a good example. The Novell NDS password can be used to unlock the screen
    > saver, without requiring the Windows password to be entered. Obviously
    > other programs could bypass the Windows authentication as well.
    >
    
    It's been a few years and things may have changed, but in the past
    Novell accomplished this by replacing the standard msgina.dll with one
    of their own making. Microsoft provides information on how to do this
    sort of thing:
    
    http://support.microsoft.com/default.aspx?scid=kb;en-us;810756
    
    FWIW, there is even a GNU replacement (well, for NT, anyway):
    
    http://wwwthep.physik.uni-mainz.de/~frink/newgina_pre09/readme.html
    
    It seems to me, though, that if the admin replaces Microsoft's GINA, he
    can't complain about how (or whether) the replacement traps
    Ctrl+Alt+Del. I don't think (though I may be mistaken) that there's a
    way to trap those hotkeys when Microsoft's msgina.dll is in place and
    working properly.
    
    Regards,
    
    Fred Noltie
    


