Was this login screen ever intended to be a security barrier? This bypass method doesn't give you access to the network resources after all, and Windows 9x never had any kind of local security in the first place...

…or, if I recall correctly, you could just press Esc.

Only of the computer doesn't belong to a domain, otherwise you would get an error, as in the OP when he clicked "Cancel".

Worked for me :)

Wow, blast from the past. Reminds me of how we "outsmarted" our admins at the school back then to get around the limitations they put up.

OLE[1] and MS Office were very valuable allies back then ;)

[1] http://en.wikipedia.org/wiki/Object_Linking_and_Embedding

more is less

Was this zero day exploit released under Google's automatic 5,840 day disclosure rule?

This brings back memories of installing DOOM into the printer spool folder because it was the one place on the hard drive that anybody could write to. Also stole an admin password or two back in high school because keyloggers, which weren't even installed with local admin privileges, were perfectly capable of logging keystrokes heading for the login prompt.

At least we've moved beyond this level of naivety these days.

Old days war story. In the early 90s we had a computer center (we still do) here where we could all use computers if we were with an academic or school institution. This was a few years before web, around 1992. I think.

This primarily consisted of a single SPARCstation with SunOS 4.x. and a bunch of VT320 terminals (and a few IBM ones). I was in grade school, there were high schoolers here and there and mostly people in college using systems for primarily IRC and gopher.

I was learning C at the time and heavily into graphics programming so I wanted to use as much system resources as possible - which of there weren't many. So I had this cunning plan where I wrote a simple (I was grade school) C program that basically malloced as much memory in a loop as it could get and kept it. I figured that there was no quota for memory as there were for hard disk space. I ran the program I wrote into background (&) to get the process id and waited.

Program ate all the available memory and, presumably, started trashing the swap until all of the running processes were extremely slow and/or unresponsive. I watched as people around the room started to close their programs (IRC, gopher mostly) and gave up on using the system. As soon as most of them were gone, I killed the program with pid I had before. It was so effective even things like ls wouldn't work, only kill. I know it was a dick move, but I was a kid and even kind of proud of what I did back then.

Keyloggers? hah. We just looked over the shoulder of the admin when he typed it in: qawsedrf

I don't think i'll ever forget that password (If you don't understand why, try looking at a qwerty keyboard)

Windows 9x just stored your password in a pwl file. All you had to do to "hack" into an account was rename this file and it would accept any new password. Of course Windows 9x had no file system security and this hack didn't give you any network resource access but you could brute force the pwl file if you really wanted too. Although it did require quite a bit of CPU for the time obviously.

Fortunately, Windows Me fixed all those issues.

Unfortunately, it also broke everything else. :)

Reminds me of how we had Windows 98 computers at school which required an administrator password to access the internet, else the system was limited to a few applications. We managed by opening a text editor or Word or whatever, file -> open, right-click a file, Explore which gave you access to the file system. Typing in an URL in the address bar changed windows explorer to internet explorer (a feature which MS later had to pay a fine and a browser selection window for), and huzzah, internets!

Win7 bypass is fairly similar with the change of utilman to cmd.