Sept. 20, 2012
Arbitrary Code Execution Before Logon
system administration

Uses instsrv.exe and srvany.exe to execute AutoHotkey code on a system prior to login, but after a network connection.

I used this to perform the tricky window manipulation required to launch and connect to a VPN with SonicWALL's Global VPN client so that the subsequent login could create a domain account profile for the first time when one didn't already exist, as well as get group policy updates. I realized later this complicated setup was entirely unnecessary as I could simply connect to the VPN on a separate profile that remains active in the background.