Winlogon and Minlogon

[Michells]

Hello All,

I am looking into the difference between Minlogon and WInlogon. kindly
if any one knows the difference please let me know or if u have any
links related to it.

Basically Winlogon Component is more secure than Minlogon.
but Minlogon reduces footprint.

these are the details i know abt these components.
So kindly let me know if u have any other information on these
components.

Regards
Michells

 

[KM]

Michells,

You should read this: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnxpesp1/html/XPE_MinLogon.asp

And important note about Minlogon's security: http://msdn2.microsoft.com/en-us/library/ms912943.aspx

 

[Richard]

I think the issue I ran into was file sharing. When another XP machine
tried to connect to a resource of the XPe Target with Minlogin, it was
prompted for a username and password, which of course no matter what was
entered would not work. This was not on a domain.

That itself went against the basic rules in the provided documents that
Minlogin would never ask for passwords.

I heard a couple of people got around this but I never did find out any
details how it was done. In our case, Minlogin was almost perfect, except
for the fact in our application, we can only copy new files over by using
the network shares. If you can't access shares, and you can't access the $
admin drive, then it made it useless for us.

I'm interested in knowing if it was just me in the early stages or if this
is still a limitation.

Richard

 

[KM]

We are changing topic here but nevertheless. You should not expect things like file sharing working the same way under Minlogon vs
Winlogon.

One of the main limitation [XPe feature ] of Minlogon is the fact it doesn't deal with user account. It doesn't initialize user
account settings and etc. (no need for userinit)

Obviously, file sharing wouldn't work under LocalSystem account. Otherwise it would be a big security issue for XP - you could get
to any system shares without an authorization.
However, it doesn't mean you can't get it working under Minlogon if you use a user account. However, don't expect that you won't see
a prompt for user name/password when you are trying to access the share from another machine (unless, of course, you are logged in
there under the account with the same credentials).

Theoretically (I never tried this) you could do the following:
- create Minlogon system with an Admin or user account added
- launch Minlogon system and get to a CMD
- launch another cmd instance with runas.exe (I'd even use /noprofile switch here). E.g. : "runas /noprofile
/user:mymachine\administrator cmd"
- in the second CMD instance run a "net share sharename=....." command
- try accessing the share from another machine. better use "net use /user:mymachine\administrator" command there.

If the above works, you can always pre-set things in TD if you grab from the working runtime, where you set up the shares, and
import the following key in TD:
[HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares], make sure to capture the Security subkey there.

Of course using "net use" command from within the Minlogon runtime has never been an issue assuming you included right net
components.

--
=========
Regards,
KM

I think the issue I ran into was file sharing. When another XP machine tried to connect to a resource of the XPe Target with
Minlogin, it was prompted for a username and password, which of course no matter what was entered would not work. This was not on
a domain.

That itself went against the basic rules in the provided documents that Minlogin would never ask for passwords.

Where di you read thsi with regards to the file sharing feature?