Skip to main content

In this guide, I will show you how to display logon banners for VBR Server via Group Policy and Windows Registry.

Why Display Interactive Logon Messages for your VBR Server?

Oftentimes, System Administrators undermine the importance of implementing security practice. However, the display of a warning message before signing in helps act as a deterrent against unauthorized access attempts. Potential intruders may be discouraged from attempting to log on if they are presented with a clear message indicating that unauthorized access is prohibited and subject to consequences.

Detective control is designed to reduce the likelihood someone will chose to perform a certain activity.

For some of us that have administered network devices in the past such as on Cisco appliances, you will be very conversant with the implementation of logon banners (MOTD). This is usually over-looked on Windows. So, why not implement it for the solution that protects your critical business data? 

There are numerous reasons to implement login banner for your VBR Servers outside the reasons mentioned above.

It’s advisable to set Interactive logon: Message text and Texts for users attempting to log on to your VBR Server in order to communicate the legal requirement, and security policies.

You can also use it to raise security awareness among employees. This reminds them not to engage or think of engaging in malicious activities. 

By the way, you can also use it to communicate important announcements, Windows updates (maintenance schedules) etc. The list goes on and on.

Implement Logon banner?

Before diving into the implementation, it is worth mentioning that this is a “Deterrent” control. There are different  Security Control Categories, So i will be dropping my CISSP security guide on my site soon and will link it it in the future.

Implementing “Interactive Logon Messages” is not enough to protect your VBR server. I found this guide from @PaoloValsecchi very useful and since I have written a piece like this myself, it is worth sharing his the community 😁 You may also want to see the “Best Practice Analyzer” written by @vNote42. These guidelines will help protect your server when implemented.

Since one of the recommended best practice is to deploy the VBR outside the domain, I will be implementing this policy locally using the Local Group Policy Editor. Launch the policy editor by typing gpedit on the run dialogbox or via the search windows.

Navigate through Local Computer Policy->ComputerConfiguration->Windows Settings->Local Policies->Security Options.

In the right pane of the window, you will find the two policies that we will be suing. They are “The Interactive logon: Message text for users attempting to log on and Interactive logon: Message title for users attempting to log on policy settings.

 

First, for the “Interactive logon: Message title for users attempting to log “. Type your warning message in the wizard below. if you wish to implement this in your environment, this link will be vital i coming up with some unique banner messages.

🚫 UnauthorizedUnauthorized Access Alert! 🚫

 

Unauthorised access is strictly prohibited and will result in severe penalties. Only authorised access is permitted

 

 

You may restart your server of apply GPupdate. You may want to learn about the various “Group Policy GPUpdate Commands“. You may want to see how this can be done for your servers via GPO and Windows Registry!

The Windows Registry is a system-defined database in which applications and system components store and retrieve configuration data.

Launch the Registry Editor and navigate to the following keys.

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Policies/System/

The Legalnoticetext policy setting specifies a text message that displays to users when they sign in. The second policy which is Legalnoticecaption specifies a title for the title bar of the text message window.

This step does not actually require a reboot. But if you wish to test to ensure it is applied correctly, kindly restart your server when no job is running.

Below are the message title and text configured. Yes, they are not descriptive enough as this is just to show you the steps to implement yours in your own environment.

Click on Ok. You will be prompted with your login Window. Enter your password in order to gain access to your VBR!

To undo these changes, simply navigate to the Policy settings or Registry Key and remove the messages.

In summary, a requirement for successfully prosecuting unauthorised (disgruntled users) who maliciously access your VBR server is by having a warning banner displayed. 

Very cool article @Iams3le


Very cool article @Iams3le

Thanks @Chris.Childerhose! The article has been updated with more images.


I was going to do this in my environment a year or 2 ago, but never implemented. Great reminder post Christian!


Thanks @Iams3le for sharing your knowledge ! 👍


Great article @Iams3le 

Just to add, it is also worth enabling additional auditing as well on sensitive servers. This can be sent to an external SIEM for example. 


Great article @Iams3le 

Just to add, it is also worth enabling additional auditing as well on sensitive servers. This can be sent to an external SIEM for example. 

Failed logins and unusual rdp activity are mandatory :)

@Iams3le Great article, i did’t know that for windows. Linux motd are quicker to config.


Fantastic. I plan on using this ASAP. 


Fantastic. I plan on using this ASAP. 

Good to know @Scott!


Comment