In Lesson No. 1 we looked at SHUTGUI and the BOOT.INI file as means of remotely delivering displeasure to deserving users.
For today’s exercise you will need a snorkel and swim goggles: we’re going to take a little dive into the registry. But first, some pre-dive warm-up.
If you’re a Windows user you probably never think about the desktop. It’s just there. The Start button, My Computer, your icons, the task bar, whatever pretty picture you have as your desktop background; they just exist, right? Yes, but something puts them there. UNIX/Linux geeks who've played with X-Windows already know where I’m going with this.
There are two processes running that give you the desktop you expect to see. One is a window manager; it handles displaying applications in their windows, and putting your desktop background image on the screen. The other one is EXPLORER.EXE. Windows Explorer (in this role) puts icons on the desktop, displays the Start button and task bar, and gives you the ability to right-click on the desktop to change desktop properties. It doesn’t have to be this way. Grab your snorkel and fire up REGEDIT.
Launch Regedit and drill down to the following key:
HKEY_LOCAL_MACHINE
  +- SOFTWARE
     +- Microsoft
        +- Windows NT
           +- CurrentVersion
              +- Winlogon
                 * Shell
The default value for the Shell key is Explorer.exe. This key controls, at the system level, what program is launched when a user logs in to the machine. If it’s Explorer they get the desktop they’re expecting. If it’s not... You could change it to IEXPLORE.EXE (Internet Explorer), or CALC.EXE (the calculator). On login that’s all the user would get: their desktop image (provided by the window manager) and the calculator. You could set it to CMD.EXE and turn a deserving user’s PC into a DOS box.
To do this to someone else’s PC, from the Registry menu in regedit select Connect Network Registry... and enter the name of your victim’s PC. Now you’re editing his registry.
How do you undo this? Change the registry key back to Explorer.exe. How do you escape it if someone does it to you? Easy ... if you have administrator rights to your PC. Press Ctrl-Alt-Del and select Task Manager from the dialog that pops up. From the File menu, select New Task (Run...) and launch regedit. Find HKEY_LM, Software, Microsoft, Windows NT, CurrentVersion, Winlogon and change the value of the Shell key back to Explorer.exe. Log off and log back on. All fixed.
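If you would rather check for (and undo) a tampered Shell value from a script than click through regedit, here is an added PowerShell example; it is not from the original article. It reads the Winlogon key described above, plus the per-user copy under HKEY_CURRENT_USER (which overrides the machine-wide value when it is set), and with -Restore puts the default back. The function and parameter names are mine; it assumes you run it from an elevated prompt.

```powershell
# Added example, not part of the original article.
# Audits the Winlogon Shell value and optionally restores the default.
function Test-WinlogonShell {
    [CmdletBinding()]
    param(
        [string]$Expected = 'explorer.exe',   # the default named in the article
        [switch]$Restore                      # put a changed value back to $Expected
    )
    # Machine-wide key from the article, plus the per-user override location.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # HKCU normally has no Shell value at all; that is the healthy state there.
            [pscustomobject]@{ Path = $path; Shell = $null; Status = 'not set' }
            continue
        }
        $current = $item.Shell
        $isUserKey = $path -like 'HKCU:*'
        # Any per-user value is an override; machine-wide, only the exact default is fine.
        $ok = (-not $isUserKey) -and ($current.Trim() -ieq $Expected)
        $status = if ($ok) { 'default' } else { 'MODIFIED' }
        if (-not $ok -and $Restore) {
            if ($isUserKey) {
                # Default for HKCU is "no value", so remove the override rather than set it.
                Remove-ItemProperty -Path $path -Name Shell
            } else {
                Set-ItemProperty -Path $path -Name Shell -Value $Expected -Type String
            }
            $status = 'restored'
        }
        [pscustomobject]@{ Path = $path; Shell = $current; Status = $status }
    }
}

# Report only; add -Restore to fix a changed value. Log off and back on afterwards.
Test-WinlogonShell | Format-Table -AutoSize
```

Running the function through Invoke-Command -ComputerName against another PC is the scripted equivalent of regedit's Connect Network Registry, and is handy for checking a whole room of machines at once.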
What if you’re not a local administrator? While you’re busy conniving to either get local administrator rights to your PC, or figuring out how to beg, bribe, or cajole the joker who zapped you to put things right, you can still work. (Hint: if you’re an end user who calls the helpdesk a lot with problems that you’ve caused yourself, try a heartfelt apology. Then perhaps a promise to sign up for a basic Windows user class.) From Task Manager you can run any application. You can launch WINWORD, EXCEL, etc. You won’t have your icons, but you will have everything else. You can even start EXPLORER. It won't bring your icons and Start menu back, but it will let you get into the file system and work with your files and documents that way (this is Explorer's other role).
Is there any legitimate reason to hack the Shell key? Certainly. If you want to create a kiosk PC that the public can use to browse the web, you might change the shell to IEXPLORE.EXE and create a very restricted user account. Log on to the PC as that user; Internet Explorer will pop up and nothing more. If some clod closes IE, you can either log off / log back on, or use the Task Manager trick to re-launch IE. I imagine that you could set the shell to run the free PowerPoint viewer program, and feed it the path to the PowerPoint presentation you want it to run.
So, this one isn’t all bad, but it’s utterly confounding to the average user. Heck, we totally confused Ed the Starving Co-op Student, and we even told him what we were doing in advance! Just imagine the effect of setting the Shell to CMD.EXE, tweaking BOOT.INI to start the PC in "safe mode", and administering an abrupt restart with Shutgui. Ouch!
Lesson No. 3: What to do when you have had enough of them.