When Windows is running in a virtual machine, it might be desirable to perform coordinated and automated logons of guest operating systems using credentials from a master logon system. (With "credentials", we are referring to logon information consisting of user name, password and domain name, where each value might be empty.) Since Windows NT, Windows has provided a modular system logon subsystem ("Winlogon") which can be customized and extended by means of so-called GINA modules (Graphical Identification and Authentication). The VirtualBox Guest Additions for Windows come with such a GINA module and therefore allow Windows guests to perform automated logons.
To activate the GINA module, first install the Guest Additions. You
will then find the GINA module -- a file called
VBoxGINA.dll -- in the Additions target
directory. Copy this file to the Windows
SYSTEM32 directory. Then, in the
registry, create the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\GinaDLLwith a value of
VBoxGINA.dll.
The VirtualBox GINA is implemented as a wrapper around the
standard Windows GINA (MSGINA.DLL) so
it will most likely not work correctly with 3rd party GINA
modules.
To set credentials, use the following command on a running VM:
VBoxManage controlvm "Windows XP" \
setcredentials "John Doe" "secretpassword" "DOMTEST"While the VM is running, the credentials can be queried by the VirtualBox GINA module using the VirtualBox Guest Additions device driver. When Windows is in "logged out" mode, the GINA module will constantly poll for credentials and if they are present, a logon will be attempted. After retrieving the credentials, the GINA module will erase them so that the above command will have to be repeated for subsequent logons.
For security reasons, credentials are not stored in any persistent manner and will be lost when the VM is reset. Also, the credentials are "write-only", i.e. there is no way to retrieve the credentials from the host side. Credentials can be reset from the host side by setting empty values.
For Windows XP guests, the logon subsystem has to be configured to use the classical logon dialog as the VirtualBox GINA does not support the XP style welcome dialog.
The following command forces VirtualBox to keep the credentials after they were read by the guest and on VM reset:
VBoxManage setextradata "Windows XP" \
VBoxInternal/Devices/VMMDev/0/Config/KeepCredentials 1Note that this is a potential security risk as a malicious application running on the guest could request this information using the proper interface.