It was surprising to see the CommNet desktops at our disposal at TechEd Barcelona 2008. This time, you were not required anymore to perform a Windows logon to the machine with your attendee account. A generic, limited user account was already logged-on. Every attendee had to use this account.
This is a bad idea. Even a limited user account can be compromised with spyware, as I’ve shown with my Basic Process Manipulation Tool Kit.
cmd.exe was disabled, but this policy is still easy to bypass:
Didier Stevens 