0

We have an air-gapped Windows Server, not connected to the public or private network.

There are a number of routine tasks that must be performed on this machine after hours. These have been automated using AutoIt scripts.

Now, as you may know, AutoIt commands such as ControlSend and ControlClick can operate in a kind of headless mode, with no window manager being available. However, WinActivate, Send and MouseClick all require the workstation to be unlocked. Unfortunately, due to the nature of some of these tasks (and current limitations of the software they interact with), we must use the later commands. Therefore, the workstation must be unlocked.

Is there any way to unlock Windows programmatically? Everything I have read indicates: NO.

However, VNC does it. Windows RDP does it (when you provide your credentials). Is there any way to use these programs to unlock the current workstation on a predefined schedule without human intervention?

Providing a user account and proper credentials is not a problem, and we have ways to appropriately encrypt/decrypt our passwords so they are available to a shell script or programming system.

mfinni
  • 35,711
  • 3
  • 50
  • 86
JonathanDavidArndt
  • 1,414
  • 3
  • 20
  • 29
  • How about using `mstsc` and a custom .rdp file to establish a Remote session to the localhost? https://technet.microsoft.com/en-us/library/cc753907(v=ws.11).aspx – Appleoddity Nov 22 '17 at 02:49
  • @Appleoddity Using `mstsc` looked promising initially. Tested it out on a similar server machine, and everything seemed to work except entering and saving credentials. However, when attempting on the Windows 7 server, mstsc would not even try to connect, stopping with errors saying `could not connect to another console session on the remote computer because you already have a console session in progress`. – JonathanDavidArndt Nov 23 '17 at 04:36
  • What command did you try? What do you mean “Windows 7 Server?” I was under the impression we were working with server operating systems. Windows 7 is a workstation OS. – Appleoddity Nov 23 '17 at 13:03
  • 1
    How’s about just never having the machine lock, and having it auto login during reboot? – Appleoddity Nov 23 '17 at 13:05
  • @Appleoddity We do have several scenarios going on, and I was trying to simplify for the question. We have noted clear differences between the server environment and the Windows 7 workstation test. I will edit the question to be more clear. – JonathanDavidArndt Nov 23 '17 at 14:03
  • @Appleoddity Having the machine auto login during reboot is an excellent suggestion... except that we periodically reboot and prefer the machine to be locked by default. A headless scripted solution is preferable, but this is probably what we'll use if nothing else presents itself. – JonathanDavidArndt Nov 23 '17 at 14:05

0 Answers0