To take a snapshot of the Windows logon screen you need two different programs.
- A tool to start a process with Windows system permissions so that it can access the secure desktop => Microsoft's Sysinternals psexec.exe is the choice 🙂
- A tool to take a snapshot => I use the open source tool greenshot
Download both programs, extract them and copy them to your local hard disk. For greenshot, get the NO-INSTALLER-RELEASE zip version. In this example they are located at
C:\Program Files\SysinternalsSuite\psexec and C:\Program Files\greenshot\Greenshot.exe
First of all start a cmd.exe with Administrative permissions. I’ve done it in a Remote Desktop Session.
Start greenshot in the Windows system context so that it can access the secure desktop at the login screen:
"C:\Program Files\SysinternalsSuite\psexec" -xs "C:\Program Files\greenshot\Greenshot.exe"
The command above keeps psexec in the foreground, and you can terminate greenshot by pressing Ctrl-C.
If you want to log off the current user and have greenshot survive the logoff, start greenshot in the background instead. For example, if you want to capture a “clean” login screen with no logged-on user:
"C:\Program Files\SysinternalsSuite\psexec" -xsd "C:\Program Files\greenshot\Greenshot.exe"
When greenshot is started there are 2 programs running at login screen. The login screen itself and greenshot. You can switch between both, like on the desktop, with the ALT-TAB keystroke.
After starting greenshot for the first time, go to the login screen and press ALT-TAB; the language chooser of greenshot should then appear. After you select your language, greenshot moves to the background.
To capture a screenshot, use the hotkeys greenshot provides, for example the PRINT key on the keyboard. After you press it, greenshot lets you choose which section of the screen you want to capture.
After taking your snapshots, exit greenshot by killing it in the Windows Task Manager or at the command line:
C:\>tasklist | findstr /i greenshot
Greenshot.exe 5180 Console 1 103.680 K
C:\>taskkill /IM Greenshot.exe /F
SUCCESS: The process "Greenshot.exe" with PID 5180 has been terminated.
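Added example, not part of the original post: taskkill /IM ends every Greenshot.exe by name, including one a logged-on user started for normal use, and a background instance left running in the system context stays on the login screen until it is killed. The PowerShell sketch below stops only the instances owned by the system account and then confirms that none remain. It assumes an elevated PowerShell prompt and the image name Greenshot.exe shown above; the function name Get-SystemGreenshot is made up for this example.

```powershell
# Added example: find and stop Greenshot instances still running in the system context.
# Run from an elevated PowerShell prompt.
$LocalSystemSid = 'S-1-5-18'   # well-known SID of the LocalSystem account, independent of the OS language

function Get-SystemGreenshot {
    # Return every Greenshot.exe process whose owner SID is LocalSystem.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'Greenshot.exe'" |
        ForEach-Object {
            # GetOwnerSid can fail if the process exits in between; treat that as "not ours".
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwnerSid -ErrorAction SilentlyContinue
            if ($owner -and $owner.Sid -eq $LocalSystemSid) {
                [pscustomobject]@{
                    ProcessId = $_.ProcessId
                    SessionId = $_.SessionId
                    Started   = $_.CreationDate
                    Path      = $_.ExecutablePath
                }
            }
        }
}

$leftovers = @(Get-SystemGreenshot)
if ($leftovers.Count -eq 0) {
    Write-Output 'No Greenshot.exe is running as SYSTEM.'
}
else {
    # Show what was found before stopping it.
    $leftovers | Format-Table -AutoSize | Out-String | Write-Output

    foreach ($p in $leftovers) {
        # Stop only the SYSTEM-owned instance; a user's own Greenshot is left alone.
        Stop-Process -Id $p.ProcessId -Force -ErrorAction Continue
    }

    # Re-check instead of trusting the kill, so a surviving instance is not missed.
    Start-Sleep -Seconds 1
    $remaining = @(Get-SystemGreenshot)
    if ($remaining.Count -gt 0) {
        Write-Warning ('Still running as SYSTEM: PID ' + ($remaining.ProcessId -join ', '))
    }
    else {
        Write-Output 'All SYSTEM-owned Greenshot.exe instances were terminated.'
    }
}
```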