Replacing Windows 7's logon screen completely?

Question

In Windows XP it was possible to substitute the logon interface for your own GINA implementation that could add additional features to the logon screen as well as implement some organisation-specific features.

I've looked at a number of MSDN articles and they all suggest that it is impossible to achieve that with the new logon system (Windows Vista and newer).

However, at the login screen or every time the SAS sequence is invoked, the LogonUI process starts up and provides a GINA-like interface for the user to interact with.

I was wondering, is it possible to roll your own implementation of LogonUI for the purpose of replacing the login/SAS UI? I couldn't find any articles on it, but I think it is a viable option.

Answer 1

Tad late, but here you go. You can create a custom credential provider with your own fields to accept logon credentials (whichever form they may take). If you want to go beyond that and build a bit of workflow, you will need to launch a modal window in the credential's SetSelected method. You can then pretty much use your GINA implementation (without the actual GINA functions). Use the CPUS type to know which mode you are running in (LOGON, LOCK_WORKSTATION, CHANGE_PASSWORD etc.) and customize your UI accordingly.

Obviously, this is not the "recommended" approach (quite hacky, actually), but it is the easiest. One caveat: you will have problems with C-A-D timeouts etc., so be prepared for some surprises.

The other, possibly more elegant way, is to build the custom credential provider with the logon/unlock screen (the right way). Then provide links to trigger other workflows (for instance, reset password). You can write custom screens that get launched when a particular link is clicked by implementing the credential's CommandLinkClicked method.

If you have time and you want to do this right, I would recommend the second approach. You will save yourself a lot of headaches down the road.