Setting Citect to Run as Shell in

WIN XP Under a Specific User

(Tested on XP with V6.0 -> v7.0)

 


Technical Paper

 

 


Abstract

This paper shows the user how to set Citect to run as shell in WIN XP under a specific user.

 

www.citect.com/support

Contacts

support@citect.com


Contents

SETTING CITECT TO RUN AS SHELL IN WIN XP UNDER A SPECIFIC USER

In order to get Citect to run as a shell replacement, you must modify the registry.

 

 

 

 

 

 

 

 

1. CREATE A NEW USER

While logged in as a user with administrator rights, CREATE A NEW USER (with temporary admin rights). This New User should be created with the view that it can ONLY access CitectSCADA.

YOU MUST CREATE A NEW ACCOUNT. THIS ACCOUNT SHOULD REMAIN EMPTY, WITH NO IMPORTANT FILES STORED TO THE ACCOUNT”S FOLDERS. THIS IS BECAUSE WE WILL DISABLE ALL OPTIONS TO ENTER WINDOWS AT ALL IN THE SECOND HALF OF THIS DOCUMENT, AND THE ACCOUNT WILL NEED TO BE DELETED AND RE-CREATED IF ANY WINDOWS FUNCTIONALITY IS TO BE RETURNED.

IF YOU DO THIS TO AN EXISTING ACCOUNT, YOU MAY NEVER BE ABLE TO LOG INTO WINDOWS AGAIN USING THIS ACCOUNT AND ALL ACCESS TO YOU USER SPECIFIC FILES WILL BE LOST

2. LOGIN AS NEW USER & CHANGE SHELL FOR THAT USER

First, ensure Citect SCADA is installed, the INI file has the required modifications, the project is restored, and the Runtime will start successfully.

While logged in as this new user with administrator rights, go to start > Run then type “REGEDIT”

Create or change the following Registry entry:

Key: HKEY_Current_User\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Type: REG_SZ
Value: "C:\Program Files\Citect\CitectSCADA 7\Bin\Citect32.exe" Or equivalent path where CITECT32.exe is located.

 

 

It is recommended that you log out, then back in to test if you are successful at this point, as there will be no way of fixing the issue, after progressing to the next step.
After logging in, If you require to access the Windows Explorer Shell then you can press "ALT + CTRL + DEL", select 'Task Manager' then 'File' | 'New Task' and type 'EXPLORER'. This will load the TaskBar and Desktop, and allow you to make any required changes to get this working.

Once this part is working sucessfully, we can close this 'Backdoor' by following the next step.

IF THIS DOES NOT WORK REFER TO APPENDIX A FOR MORE COMPLETE INSTRUCTIONS

 

 

3. LOCKING TASK MANAGER: SECURITY

CREATE A NEW USER BEFORE ATTEMPTING THIS! IF THIS IS USED IN CONJUNCTION WITH A SHELL REPLACEMENT, THEN THERE WILL BE NO WAY OF ACCESSING WINDOWS AT ALL UNDER THIS ACCOUNT. THIS CHANGE WILL NOT BE ABLE TO BE UNDONE. THE ACCOUNT WILL HAVE TO BE DELETED TO REMOVE THIS LOCK. ENSURE A BLANK ACCOUNT IS USED AND NO LOCALLY CREATED FILES ARE MADE

IF YOU DO THIS TO AN EXISTING ACCOUNT, YOU MAY NEVER BE ABLE TO LOG INTO WINDOWS AGAIN USING THIS ACCOUNT AND ALL ACCESS TO YOU USER SPECIFIC FILES WILL BE LOST

Why Disable 'Task Manager':

If a user has access to Task Manager, they can select “New Task” and type ”Explorer” and the Windows shell will open, giving them full access to the machine (up to their account privileges level), hence defeating the purpose of loading Citect as a Shell.

Hence, we must disable only the “Task Manager” functionality of the ALT + CTRL + DEL menu. Yet the user may require the use of 'ALT + CTRL + DEL' for other functions such as ‘shutdown’, and ‘logoff’.

Firstly, when you press 'ALT + CTRL + DEL', if it goes straight to the 'Task Manager' and you are not prompted with the following screen:

Then you need to disable the 'Welcome Screen' and 'Fast User Switching' as shown below:

If you do not do this, then after disabling the Task Manager, when you press 'ALT + CTRL + DEL' you will not have any of the options such as 'Logout', 'Shutdown' etc, and just be given the following prompt:

 

 

Disabling 'Task Manager':

Click: 'Start' | 'Run' | 'gpedit.msc' then set the following 'Group Policy' for your local user.

Now when pressing 'ALT + CTRL + DEL' the user will be shown:

 

 

 

 

 

 

 

If you want to add another 'BackDoor' in case you wish to access Windows again with this user, it is recommended that you add a Button to your SCADA project, that requires elevated privileges to press.
As the Cicode function behind this button, simpy have:
exec("explorer.exe")

 


IF YOU WISH TO CHANGE THE PRIVILEDGES OF THIS ACCOUNT FROM ADMINISTRATOR TO A LESSER VALUE, EITHER CHANGE WHILE LOGGED IN AS THIS USER BEFORE RESTARTING MACHINE, OR LOGIN AS ADMINISTRATOR.

 

 

 

 

 

 

 

AFTER THE NEXT REBOOT, THIS USER ACCOUNT WILL NO LONGER BE ABLE TO ACCESS WINDOWS, ONY CITECTSCADA

IF YOU NEED TO ACCESS WINDOWS, USE ANOTHER ACCOUNT

 

 

 

 

 

 

 

 

 

APPENDIX A:

If steps above do not work, try these extra steps (should be default values)

When Windows XP starts, Key1 is called and the default Windows shell is started. However, if the default value is changed to USR:Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Windows looks in the HKEY_Current_User key to start a specific shell for the user logging on. If the specific user shell is not found, Key2 is called and a default shell is started.

 

 

 

 

Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot\Shell
 Type: REG_SZ
 Value: SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

 

Key2 provides a default shell if the user shell application cannot be found. When you select a shell component for a Microsoft Windows XP Embedded configuration, Key 2 is set up to the shell application as the default shell.

 

 

 

 

Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
 Type: REG_SZ
 Value: Explorer.exe (or this can be a different default application)

 

Key3 sets up a shell for the current user or logged-on user. Thus, the only way to change a particular user's shell is to log on to the user account and create this registry entry.

 

 

 

 

Key: HKEY_Current_User\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
 Type: REG_SZ
 Value: C:\Citect\Bin\CITECT32.exe Or equivalent path where CITECT32.xe is located.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Disclaimer

Disclaimer of All Warranties 
SCHNEIDER ELECTRIC (AUSTRALIA) PTY LTD DISCLAIMS ANY AND ALL WARRANTIES WITH RESPECT TO SCHNEIDER ELECTRIC (AUSTRALIA) PTY LTD PRODUCTS AND THE RELATED DOCUMENTATION, WHETHER EXPRESS OR IMPLIED, INCLUDING SPECIFICALLY THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A GENERAL OR PARTICULAR PURPOSE. CITECTSCADA AND THE RELATED DOCUMENTATION ARE PROVIDED "AS IS," AND YOUR COMPANY UNDERSTANDS THAT IT ASSUMES ALL RISKS OF THEIR USE, QUALITY, AND PERFORMANCE.

Disclaimer of Liability 
YOUR COMPANY AGREES AND ACKNOWLEDGES THAT SCHNEIDER ELECTRIC (AUSTRALIA) PTY LTD SHALL HAVE NO LIABILITY WHATSOEVER TO YOUR COMPANY FOR ANY PROBLEMS IN OR CAUSED BY SCHNEIDER ELECTRIC (AUSTRALIA) PTY LTD PRODUCTS OR THE RELATED DOCUMENTATION, WHETHER DIRECT, INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL (INCLUDING LOSS OF PROFITS).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Attachments