cheeseslice Posted December 11, 2008 Share Posted December 11, 2008 Hello all, I need a bit of help and a few ideas on how to slove a problem that I am having. The network I work on runs with xp pro workstations logging into a windows 2003 ad, we have a customised msgina.dll which only gives the user the ability to log in with a username and password, so that they can't change the domain or log in locally to the machine. I should add that this work was contracted out to a 3rd party a few years ago. The problem that I have is when a network card fails. The original cards are onboard and the new cards(which we have a huge supply of) need the drivers to be installed, so when this card fails I can't get into the machine to install the new drivers and get the machine back onto the network. The 3rd party who has the contract will of course rebuild the machine for me with the new driver at a ridiculous cost per unit. I had thought that there was maybe a way of using a live linux cd to boot up the machine and copy the drivers over so that they could be picked up automatically by windows on the next boot but I can't seem to get this to work, so I was wondering if there was a way to write a script in autoit that I could put on a boot cd which would let me login as the local administrator. The local admin username and password is the same for every machine so I could just have that in the script already to save me needing a gui. As a matter of interest, should I be able to copy drivers over using knoppix? I don't know if this question should be in the general chat or here, hopefully someone can give me a simple solution. Many thanks Link to comment Share on other sites More sharing options...
ChrisL Posted December 11, 2008 Share Posted December 11, 2008 I'm not so sure AutoIt is what you need for this, have you looked at Bart PE?http://www.nu2.nu/pebuilder/ [u]Scripts[/u]Minimize gui to systray _ Fail safe source recoveryMsgbox UDF _ _procwatch() Stop your app from being closedLicensed/Trial software system _ Buffering Hotkeys_SQL.au3 ADODB.Connection _ Search 2d Arrays_SplashTextWithGraphicOn() _ Adjust Screen GammaTransparent Controls _ Eventlogs without the crap_GuiCtrlCreateFlash() _ Simple Interscript communication[u]Websites[/u]Curious Campers VW Hightops Lambert Plant Hire Link to comment Share on other sites More sharing options...
Danny35d Posted December 11, 2008 Share Posted December 11, 2008 You can use knoppix or ChrisL suggestion BartPe. Boot up the computer with the cd and go to folder DriverLetter:\windows\system32 look for MSGINA.DLL and renamed to MSGINA.OLD, then copy the M$ original MSGINA.dll. If you have winxp cd you can find it at i386\MSGINA.DL_ uncompress this file and used. Restart the computer and you would be able to login with the local account. Once you are done loading the drivers boot up with the cd and removed msgina.dll and rename msgina.old back to msgina.dll Good luck! AutoIt Scripts:NetPrinter - Network Printer UtilityRobocopyGUI - GUI interface for M$ robocopy command line Link to comment Share on other sites More sharing options...
cheeseslice Posted December 11, 2008 Author Share Posted December 11, 2008 You can use knoppix or ChrisL suggestion BartPe. Boot up the computer with the cd and go to folder DriverLetter:\windows\system32 look for MSGINA.DLL and renamed to MSGINA.OLD, then copy the M$ original MSGINA.dll. If you have winxp cd you can find it at i386\MSGINA.DL_ uncompress this file and used. Restart the computer and you would be able to login with the local account. Once you are done loading the drivers boot up with the cd and removed msgina.dll and rename msgina.old back to msgina.dllGood luck!Hi,I have tried doing it this way but for some reason it still seems to keep the login box that they have customised, is there another way they could have done this that doesn't involve the msgina file? Or maybe they have it check for their version of msgina.dll while the machine is booting and overwrite any rogue file that has been put in it's place.I'm at a bit of a loss at the minute.Thanks Link to comment Share on other sites More sharing options...
PsaltyDS Posted December 11, 2008 Share Posted December 11, 2008 (edited) Hi,I have tried doing it this way but for some reason it still seems to keep the login box that they have customised, is there another way they could have done this that doesn't involve the msgina file? Or maybe they have it check for their version of msgina.dll while the machine is booting and overwrite any rogue file that has been put in it's place.I'm at a bit of a loss at the minute.ThanksAssuming the network was configured for DHCP and does not require customized TCP/IP config of the NIC, you should be able to boot to KNOPPIX, BART PE, or whatever, copy the *.inf file for the new NIC to %WINDIR%\inf\, and the *.sys file to %WINDIR%\System32\drivers\. On booting back to Windows you have a shot at a PNP install of the NIC and auto detection of the network. I haven't test this, and registry hacks may also be required, but I believe you might effectively achieve the driver install externally to the OS.Of course, to avoid this in the future assuming you can't replace the msgina.dll, an option is to have two NICs available in every machine anyway, i.e. an on-board port on the motherboard and a PCI-NIC. Both installed and enabled, but only one has a network cable in it. On failure of one, you just move the cable to the other. Maybe even a USB-dongle NIC for which the driver was loaded and configured, but the dongle is only plugged in for a casualty mode. P.S. And once booted into some other live CD OS, why can't you replace the msgina.dll only long enough to fix the NIC then put it back the way it was afterwards? Edited December 11, 2008 by PsaltyDS Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
LarryDalooza Posted December 11, 2008 Share Posted December 11, 2008 Did they replace msgina.dll? (unlikely)... more likely, they pointed ... HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon , GinaDll to their GINA. Login as local admin in safe mode. Reset local admin with linux boot CD if needed. Delete the GinaDll entry. boot normal and login as local admin. do your business... put GinaDll entry back into registry... reboot. Lar. AutoIt has helped make me wealthy Link to comment Share on other sites More sharing options...
PsaltyDS Posted December 11, 2008 Share Posted December 11, 2008 (edited) Did they replace msgina.dll? (unlikely)... more likely, they pointed ...HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon , GinaDllto their GINA.Good point.Login as local admin in safe mode. Reset local admin with linux boot CD if needed.There's the rub, it still uses the graphical logon in Safe Mode or Safe Mode With Commandline. I haven't been able to test that, will it revert to the normal or local-only graphical logon? P.S. And with yet another option: Did he try to just replace the NIC with another of the exact same type, therefore not requiring the driver change in the first place? Edited December 11, 2008 by PsaltyDS Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
ProgAndy Posted December 11, 2008 Share Posted December 11, 2008 (edited) try to use bartpe with regedit: http://regeditpe.sourceforge.net/ Edited December 11, 2008 by ProgAndy *GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes Link to comment Share on other sites More sharing options...
cheeseslice Posted December 11, 2008 Author Share Posted December 11, 2008 P.S. And with yet another option: Did he try to just replace the NIC with another of the exact same type, therefore not requiring the driver change in the first place? Thanks for the ideas, I'll be trying them first thing in the morning. I couldn't replace the card like for like because the original cards are onboard, that and someone else ordered 100 of these intel network cards a couple of years ago and they are not pnp.What I did to test the msgina earlier was to download a spanish msgina file and replace it with that using knoppix. The logon screen did not change, apart from the title of the logon window, but the shutdown screen was totally changed to the spanish version.I don't know what exactly this proves other than I need to be looking at more than just the msgina file. I think the first place to start in the morning is to scan the registry for any entries pointing to another gina file and see what I can come up with.I'm nearly sure, not 100%, that safe mode is covered too. This is so the company gets stung every time we need something like this done, contract runs for another 2 years. We get caught out like this on hard drive failures too, if a drive breaks I replace it but they charge and extortionate amount of money to pull an image from the server and put it back on the domain.I had started cloning the drives of any machines that I thought were on their last legs but there is only so much of that you can do.Thanks again Link to comment Share on other sites More sharing options...
cheeseslice Posted December 12, 2008 Author Share Posted December 12, 2008 Hi, I went through the registry on a working machine and sure enough there was an entry pointing to their custom gina at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon So I logged back into the machine using knoppix and I tried replacing their gina with my orginal Xp, when I booted up I got an error message alerting me to the fact that their gina had been removed or had become corrput. So my next option is to do as was suggest and edit the registry and delete their entry. This is where I know have another problem, I have used both regedit and chntpw, both load up the registry fine but I cannot see the Winlog key to delete it or change it. Am I missing something simple? Thanks again for all the help Link to comment Share on other sites More sharing options...
cheeseslice Posted December 12, 2008 Author Share Posted December 12, 2008 Hi,I went through the registry on a working machine and sure enough there was an entry pointing to their custom gina at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSo I logged back into the machine using knoppix and I tried replacing their gina with my orginal Xp, when I booted up I got an error message alerting me to the fact that their gina had been removed or had become corrput. So my next option is to do as was suggest and edit the registry and delete their entry. This is where I know have another problem, I have used both regedit and chntpw, both load up the registry fine but I cannot see the Winlog key to delete it or change it. Am I missing something simple?Thanks again for all the help I figured it out.For some reason it was showing the Winlogon but it still let me change to that directory, I have just deleted the value so I'll check now and see if it's working Link to comment Share on other sites More sharing options...
cheeseslice Posted December 12, 2008 Author Share Posted December 12, 2008 (edited) Did they replace msgina.dll? (unlikely)... more likely, they pointed ...HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon , GinaDllto their GINA.Login as local admin in safe mode. Reset local admin with linux boot CD if needed.Delete the GinaDll entry.boot normal and login as local admin.do your business...put GinaDll entry back into registry...reboot.Lar.I got logged into the machine as local admin no problems but would anyone have any ideas why, when I edit the registry again as local admin to point back to their gina, that it will not let me log into the domain. I just keep getting an error that my password is incorrect.I haven't changed any other files so I can't see what it should not go back to working properly.*Update*I changed the registry again so that I'm back to the original msgina. I can log into the domain using this yet when I go back to the other it still wont let me log in. I'm wondering if by changing it I have somehow corrupted the file. Edited December 12, 2008 by cheeseslice Link to comment Share on other sites More sharing options...
Danny35d Posted December 12, 2008 Share Posted December 12, 2008 (edited) I assuming now you have two NIC cards. Did you disable the one that won't work? If you didn't the computer still trying to log you in using the bad NIC card. You can disable the card or go to the TCP/IP Settings and remove the check mark from "Automatic metric" and assign 0 to the good NIC card and 1 to the bad NIC card. Edited December 12, 2008 by Danny35d AutoIt Scripts:NetPrinter - Network Printer UtilityRobocopyGUI - GUI interface for M$ robocopy command line Link to comment Share on other sites More sharing options...
cheeseslice Posted December 12, 2008 Author Share Posted December 12, 2008 I just wanted to thank everyone for their help. It seems the problem was because I had renamed the custom file in knoppix, it must have become corrupt. Once I copied another version of it over from another working machine it started working again. I had been doing my experiments on a test machine so it is now time to move over to the 4 workstations that are broken. If I try this in bartpe and it works then I assume I will be able to script this using autoit? If not then I suppose I'll have to try and do it in python for knoppix. thanks again Link to comment Share on other sites More sharing options...
PsaltyDS Posted December 12, 2008 Share Posted December 12, 2008 I just wanted to thank everyone for their help. It seems the problem was because I had renamed the custom file in knoppix, it must have become corrupt. Once I copied another version of it over from another working machine it started working again.I had been doing my experiments on a test machine so it is now time to move over to the 4 workstations that are broken.If I try this in bartpe and it works then I assume I will be able to script this using autoit? If not then I suppose I'll have to try and do it in python for knoppix.thanks againMake sure you are using at least KNOPPIX 5.1 when doing things like this, the NTFS write capability was very Beta and buggy in the 4.x versions. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now