mailing list archives
Re: Login Banner
From: Gene <gyoo () attbi com>
Date: Mon, 23 Dec 2002 14:41:10 -0800
Todd Plesco wrote:
Here is a sample message:
Authorized Use Only!
You must be assigned an account to access this computer and the network.
The information on this computer and network is the property
of this organization and is protected by intellectual property rights.
Anyone using this system expressly consents to their activities being monitored.
The Graphical Identification and Authentication (GINA) at login that is displayed can be interpreted as
an invitation to breach system security. The "Welcome" caption on the dialog box cannot be changed.
However, you can enable a warning message dialog box to be displayed.
NOTE: This dialog box is presented to the user after they press CTRL+ALT+DEL and before the logon dialog
box is presented.
Windows NT and Later
To enable a warning message to be displayed, make the following changes to the registry:
Start Registry Editor.
Add or modify the following values:
From the HKEY_LOCAL_MACHINE subtree, go to the following subkey:
Name Data Type Value
LegalNoticeCaption REG_SZ Dialog Caption
LegalNoticeText REG_SZ Dialog Message
Windows 95 and Windows 98
To enable a warning message, modify the following registry key:
The string values will appear on the logon banner.
"LegalNoticeText"="No Unauthorized access allowed"
On Fri, Dec 20, 2002 at 02:11:02PM -0500, sharon_joyner () timeinc com wrote:
We have a small network consisting of an NT 4.0 Server with Win95, Win98
and W2k workstations connected to it. There are three versions of a
login banner popping up on these workstations and we need to standardize
to the one "official" version. We've changed the banner on the server,
but this has only changed some workstations. Most still have their old
login banner displaying. Can anyone tell me how can we push out the
changed login banner to all workstations?
I've been doing mainframe (acf2/racf) security for 10 years and just
started working on our NT environment (didn't lose the MF resonsibility,
though), so I apologize if this question is overly simplistic. Please be
Sharon Joyner, CISSP
IS Security Administrator
Sharon_joyner () timeinc com
This message is the property of Time Inc. or its affiliates. It may be
legally privileged and/or confidential and is intended only for the use
of the addressee(s). No addressee should forward, print, copy, or
otherwise reproduce this message in any manner that would allow it to be
viewed by any individual not originally listed as a recipient. If the
reader of this message is not the intended recipient, you are hereby
notified that any unauthorized disclosure, dissemination, distribution,
copying or the taking of any action in reliance on the information
herein is strictly prohibited. If you have received this communication
in error, please immediately notify the sender and delete this message.
i think the requestor is looking for a mechanism such as hyena or other
proprietary tool from netiq, etc... to push the changes throughout. of
course you could use the ad gpo, but since the environment is hybrid, a
small cost effective tool like hyena should be sufficient going forward
with their nt/2000 environment...
<gyoo [at] attbi [dot] com>