+ Post New Thread
Results 1 to 13 of 13
Network and Classroom Management Thread, Removing RMGina from CC4 in Technical; Hopefully a nice easy one. Obviously it's easy enough to remove RMGina from a CC4 system, and I'm looking at ...
  1. #1

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,948
    Thank Post
    583
    Thanked 1,019 Times in 784 Posts
    Blog Entries
    15
    Rep Power
    464

    Removing RMGina from CC4

    Hopefully a nice easy one. Obviously it's easy enough to remove RMGina from a CC4 system, and I'm looking at doing this 1. to get people used to the normal Windows logon for SR2 anyway and 2. to resolve a couple of issues caused by RMGina with locked PCs.
    However my only slight niggle is it gives users the option to change from logging onto the domain to the local PC, and worse it defaults to the local PC when you first remove it, meaning a local logon to each PC first - very time consuming.

    I've had a look in management console and can't see anything there (as they expect you to use RM Gina) but if anyone knows a solution it would be gratefully received

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    I have seen some custom ADMs around these forums (if you have a search) for Server 2003, but not sure how reliable it is. If you have Server 2008 you can set it to the domain by default.

    The other problem you may face is the local administrator password in CC3 (not sure about CC4) is relatively easy to guess as is the BIOS password, but I won't write it here. You may want to consider renaming the local administrator account on all workstations.

    Other advice I can offer is you can disable the Log on using dial-up connection tick box using this registry entry.

  3. 2 Thanks to Michael:

    dgsmith (16th March 2010), synaesthesia (16th March 2010)

  4. #3

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,948
    Thank Post
    583
    Thanked 1,019 Times in 784 Posts
    Blog Entries
    15
    Rep Power
    464
    Aha, nice one - I've just found the registry key to set the default domain, and also to remove the Options button, where you can change said domain logon. I didn't think at all about disallowing connection via dial-up so have also now done that

    I can only assume that with SR2 RM will be updating the Management Console to include new global registry options to do the above.
    Also, thankfully the local administrator passwords are not left as default - they get changed during the build process. I'm not *hugely* worried about that in primarys but it only takes one playful/curious child and then everyone knows

  5. Thanks to synaesthesia from:

    gumbygaz (17th March 2010)

  6. #4

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,139
    Thank Post
    403
    Thanked 622 Times in 568 Posts
    Rep Power
    181
    Quote Originally Posted by synaesthesia View Post
    Aha, nice one - I've just found the registry key to set the default domain, and also to remove the Options button, where you can change said domain logon. I didn't think at all about disallowing connection via dial-up so have also now done that

    I can only assume that with SR2 RM will be updating the Management Console to include new global registry options to do the above.
    Also, thankfully the local administrator passwords are not left as default - they get changed during the build process. I'm not *hugely* worried about that in primarys but it only takes one playful/curious child and then everyone knows
    Apparantly not. They'll be leaving the options in place, much to the annoyance of us people who have to answer the phone from confused end users.

    Also, thankfully the local administrator passwords are not left as default - they get changed during the build process. I'm not *hugely* worried about that in primarys but it only takes one playful/curious child and then everyone knows
    You've always been able to set these during the build?

  7. #5

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,948
    Thank Post
    583
    Thanked 1,019 Times in 784 Posts
    Blog Entries
    15
    Rep Power
    464
    Yeah, the first configuration dialogue of the build process gives 2 boxes nearer the bottom to set local admin password - do they not show for you?

  8. #6
    randle's Avatar
    Join Date
    Dec 2006
    Location
    Chelmsford, Essex
    Posts
    594
    Thank Post
    66
    Thanked 16 Times in 15 Posts
    Rep Power
    19
    I bashed the following adm template together using a few other's suggestions.

    Via GPO it allows you to set a specified default domain, allows you to disable the dial-up box and you can choose to hide the extended options although this can simply be unhidden but keeps it all tidy regardless.

    CLASS MACHINE

    CATEGORY "Logon Settings"
    POLICY "Default Domain"
    KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    PART "Default Domain" EDITTEXT
    VALUENAME "DefaultDomainName"
    END PART
    END POLICY

    POLICY "RasDisable"
    KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    VALUENAME "RasDisable"
    VALUEON "1"
    VALUEOFF "0"
    END POLICY

    POLICY "ShowLogonOptions"
    KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    VALUENAME "ShowLogonOptions"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    END POLICY
    END CATEGORY
    I think all of the settings are tattooing reg settings so won't change back automatically if the policy isn't applied.

  9. Thanks to randle from:

    gumbygaz (17th March 2010)

  10. #7
    rad
    rad is offline
    rad's Avatar
    Join Date
    Jan 2009
    Location
    Middlesex
    Posts
    2,482
    Thank Post
    335
    Thanked 308 Times in 236 Posts
    Rep Power
    109
    I removed RM Gina one ICT room, never had a problem with students flicking networks (yet) only did it as a trial, no plans to roll it site wide as it will cause issues I am sure with supply teachers having tricks played on them.

  11. #8

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,139
    Thank Post
    403
    Thanked 622 Times in 568 Posts
    Rep Power
    181
    Quote Originally Posted by rad View Post
    I removed RM Gina one ICT room, never had a problem with students flicking networks (yet) only did it as a trial, no plans to roll it site wide as it will cause issues I am sure with supply teachers having tricks played on them.
    Better get them trained before Summer.

  12. #9

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,948
    Thank Post
    583
    Thanked 1,019 Times in 784 Posts
    Blog Entries
    15
    Rep Power
    464
    Problem solved - NEARLY - the below does this exactly but means you must log on using the full domain name, i.e. username@domain.internal

    In case anyone is looking to do the same, the process is as follows, but please, please use a testbed first.

    1. Create a custom machine type, I've called mine "Non-RMGina" from a copy of an existing type.
    2. Assign your testbed (then the normal systems if it works for you) to this machine type
    3. Boot the system and export the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    You wont need any keys below this location, so don't change anything else.
    Edit the key and change/add/check the following values:
    "ShowLogonOptions"=dword:00000000
    "NoDomainUI"=dword:00000001
    "DontDisplayLastUserName"="1"
    "RasDisable"="1"
    and check the default domain names are all correctly set up to suit your setup.
    4. Add the new key as a custom registry fragment for that machine type.
    5. Restart client and job done.

    For comparison purposes, below is a copy of the fragment I use. Most of it may well be unnecessary however I like to cover all bases.


    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "AutoRestartShell"=dword:00000001
    "LegalNoticeCaption"=""
    "LegalNoticeText"=""
    "PowerdownAfterShutdown"="0"
    "ReportBootOk"="1"
    "Shell"="Explorer.exe"
    "ShutdownWithoutLogon"="0"
    "System"=""
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
    "SfcQuota"=dword:ffffffff
    "allocatecdroms"="0"
    "allocatedasd"="0"
    "allocatefloppies"="0"
    "cachedlogonscount"="1000"
    "forceunlocklogon"=dword:00000000
    "passwordexpirywarning"=dword:0000000e
    "scremoveoption"="0"
    "AllowMultipleTSSessions"=dword:00000000
    "UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00, 2e,00,65,00,78,00,65,\
    00,00,00
    "LogonType"=dword:00000000
    "DebugServerCommand"="no"
    "SFCDisable"=dword:00000000
    "WinStationsDisabled"="0"
    "HibernationPreviouslyEnabled"=dword:00000001
    "ShowLogonOptions"=dword:00000000
    "NoDomainUI"=dword:00000001
    "AltDefaultUserName"=""
    "AltDefaultDomainName"="DOMAINNAME"
    "DefaultDomainName"="DOMAINNAME"
    "DisableCAD"=dword:00000001
    "DCacheUpdate"=hex:b4,41,a4,d3,f6,c4,ca,01
    "UserEnvDebugLevel"=dword:00000000
    "DontDisplayLastUserName"="1"
    "CachePrimaryDomain"="DOMAINNAME"
    "RasDisable"="1"
    "Welcome"="School Name Here"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache]
    "DOMAINNAME"="domainname.internal"
    Last edited by synaesthesia; 23rd March 2010 at 10:16 AM.

  13. #10

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,948
    Thank Post
    583
    Thanked 1,019 Times in 784 Posts
    Blog Entries
    15
    Rep Power
    464
    OK, I've officially decided XP is rubbish. Hiding said options box (at least the drop down domain list) using NoDomainUI means it's always assuming you're logging on locally, forcing you to use user@domain or domain\user which is absolute folly.

    So in the meantime it's back to hoping I don't get too many support calls from staff when children do what they do best - be curious and click around :\

  14. #11
    Slewis's Avatar
    Join Date
    Jun 2007
    Location
    Bolton
    Posts
    48
    Thank Post
    2
    Thanked 11 Times in 9 Posts
    Rep Power
    16

  15. #12

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,948
    Thank Post
    583
    Thanked 1,019 Times in 784 Posts
    Blog Entries
    15
    Rep Power
    464
    No more than we've already been able to figure out I'm afraid - the difficulty is stopping people from being able to press said Options button and changing domain to their hearts content.

  16. #13
    Slewis's Avatar
    Join Date
    Jun 2007
    Location
    Bolton
    Posts
    48
    Thank Post
    2
    Thanked 11 Times in 9 Posts
    Rep Power
    16

    Smile

    Hmm.

    K, well, this may be a little bit extreme... but it seems to be the only remaining option: you can replace the Gina Dll with a custom version of your own (a GinaHook), allowing you to control it's look and features precisely, which ofc, is what RM did... but here are the links I've found on it:

    http://download.microsoft.com/downlo...115/msgina.doc
    WlxDialogBoxParam Function (Windows)

    Howto:
    Security Briefs: Customizing GINA, Part 1
    Security Briefs: Customizing GINA, Part 2

    -Edit-
    >> I think Keith means for his link to pluralsight.com/wiki in Part 1 to be pointed here now:
    http://alt.pluralsight.com/wiki/defa...izingGINA.html
    Last edited by Slewis; 30th March 2010 at 10:34 AM. Reason: Update link

SHARE:
+ Post New Thread

Similar Threads

  1. CC4 Anywhere
    By Edu-IT in forum Network and Classroom Management
    Replies: 30
    Last Post: 20th January 2010, 05:05 PM
  2. CC4 and Sims
    By rad in forum Network and Classroom Management
    Replies: 3
    Last Post: 20th September 2009, 07:07 AM
  3. 12 CC4 laptops
    By SBP in forum Our Advertisers
    Replies: 1
    Last Post: 1st July 2009, 12:17 PM
  4. CC4 or Free2teach Help Please
    By blahblah in forum Network and Classroom Management
    Replies: 2
    Last Post: 5th May 2009, 10:27 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •