,Japan
I've found a way to take a screenshot of the logon screen (password entry screen) before logging in to Windows 10, so I'll share the steps I've taken.
When the Windows 10 logon screen is displayed, it is not possible to take screenshots because execution of arbitrary applications and use of keyboard shortcuts are restricted.
I think that the behavior is a security measure to prevent taking screenshots after entering the password.
After investigating, I found a way to launch an arbitrary program when I click the "Easy operation icon of computer" displayed at the bottom right of the logon screen.
The easy operation icon of the computer is the icon surrounded by the red frame of the first image displayed at the lower right of the logon screen.
Using that method, I succeeded in launching IrfanView while the logon screen was displayed and taking a screenshot.
The following is the logon screen shot with IrfaView.
I ran the information from multiple sites explaining how to use the time difference capture of the Snipping Tool that comes with Windows 10, but it didn't work in my environment.
Verification version
Windows 10 Pro May 2019 Update, v1903.18362.239This article describes the procedure to change the value of the registry so that IrfanView can be started in capture mode when you click the easy operation icon (utilman.exe) of the computer in the lower right of the logon screen.
Use the following Windows tools.
- Registry editor
- Windows Defender
Instead of IrfanView, a program with a screen capture function such as Snipping Tool may be effective.
This information is useful for anyone who needs a clear screenshot image of their logon screen.
New creation of utilman.exe and Debugger
Change the registry value so that IrfanView can be started in capture mode when you click the "Easy computer operation" icon.
Registry operations are at your own risk
Before working with Registry EditorMake a backup copy of your registry in case something goes wrong.
1. Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Launch Registry Editor and locate the registry subkey [Image File Execution Options].
2.utilman.exe
Display the right-click menu of Image File Execution Options and create a new key [utilman.exe].When you go to New> key, a subkey [new key #1] will be created at the bottom of Image File Execution Options, so rename it to [utilman.exe].
- Image File Execution Options> New> Key
- Rename [new key #1] to utilman.exe
3. New> String value
Display the right-click menu in the right pane of utilman.exe and create a new string value.
utilman.exe> New> String value
- Show right-click menu in right pane of utilman.exe
- New> transition to a string value
- Rename [New Value #1] to [Debugger]
4. Debugger
- Double click Debugger to display "Edit String"
- Describe the full path and arguments of the IrfanView executable file in the value data
6 = start in capture mode
C:\...\IrfanView\i_view64.exe /capture=6
*If you are interested in the launch option of IrfanView, please read the related article at the end of the sentence.
5. IrfanView
Screenshot of IrfanView Display the detailed setting screen and set the following.
Activate IrfanView and press C on the keyboard to launch the advanced screenshot settings.
- All areas displayed on all screens
- Display the acquired image data in the main window
- Take with hotkey Ctrl+F11
Windows Defender
With the settings in the previous section, clicking the utilman.exe icon on the logon screen starts IrfanView, but at that time, Windows Defender attached to Windows 10 judges the operation as "threat" and immediately terminates IrfaView.At the same time, the newly created registry key [utilman.exe] is also deleted.
Protection history
Status: QuarantinedThe quarantined files are in a restricted location so that they don't cause problems on the device. These will be deleted automatically.
Detected threat: Behavior:Win32/AccessibilityEscalation.O
Warning level: Critical
Category: Suspicious behavior
Details: This program is dangerous and executes commands from an attacker.
To work around this issue, stop Windows Defender real-time protection only when you take a screenshot of the logon screen.
Settings> Update & Security> Windows Security: Open Windows Security
Windows Security> Virus and threat protection: Manage settings
Turn off real-time protection.
Now you're ready to take a screenshot of the logon screen.
Afterword
Here's how to take a screenshot of the logon screen.- Press Win + L on the keyboard to move to the lock screen
- Release the lock screen by clicking the mouse
- Since the screen changes to the lock screen, click the utilman.exe icon.
- IrfanView starts in capture mode
- Press Ctrl + F11 to capture the logon screen
- Login to Window
- Check IrfanView
For reference, the delay setting screen of Snipping Tool is posted.
In an environment where Winodws Defender is disabled by default, the utilman.exe registry settings seem to work fine.
Validation: Windows 10 Pro May 2019 Update, v1903.18362.239
:SC2
このサイトを検索 | Search this site