PLAP provider

[Fredrik Jansson]

Hi!

I have created a skeleton PLAP provider for Vista based on the credential
provder samples. I have registered in the registry but I never see the PLAP
button at login. I have also tried to create a Windows VPN connection which,
according to credentil provider documentation, should make a PLAP button
visible. I have tried to press switch user and all buttons seen on the login
page, but no luck.

Has anyone else had problems with this?

Best regards,
Fredrik Jansson

[Fredrik Jansson]

[Eric Perlin [MSFT]]

It's critical that the VPN connection is not specific to a particular user.
It needs to be available to all.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Eric Perlin [MSFT]

[Fredrik Jansson]

Hi!

Ok, that makes sense thanks!

The credentials my PLAP enumerates, should that be users or could it be just
one credential/tile allowing any user to enter username, password and
domain? How do I get that credential information to winlogon after I am done
with it, i.e. the VPN connection is established and ordinary domain or
machine logon should continue?

Best regards,
Fredrik Jansson

"Eric Perlin [MSFT]" <EricPer...@discussions.microsoft.com> wrote in
message news:10448A17-4626-461B...@microsoft.com...

[Eric Perlin [MSFT]]

Whether your CP presents one tile or many is your design decision.
PLAPs also have one more chice to make:
The credentials used to establish the connection may be valid windows
credentials.
A PLAP may chose to present a checkbox (use the same creds for logon).
It would then serialize the same creds used to establish the connection.
Or it could stay away from logon altogether and never serialize creds...

[Fredrik Jansson]

Hi and thanks for your answers!

In my understanding it is possible to reuse credentials from the "ordinary"
credential provider by returning UpdateRemoteCredential from a filter. Is
that the correct way of doing it if I want to populate the fields with
domain and usernames?

When is the correct time to try to establish a VPN connection? In
GetSerialization or will the OS call Connect for me?

best regards,
Fredrik

"Eric Perlin [MSFT]" <EricPer...@discussions.microsoft.com> wrote in

message news:E84C6D0B-FF34-4B69...@microsoft.com...

[Fredrik Jansson]

Hi it's me again :)

I have successfully captured the credentials and got managed to logon the
user, connect is called and I could setup my VPN connection there.

Hopefully my last question, with the default cred provider a default
username and domain is presented and the user only has to enter the password
(i.e. the username and domain of the last logged in user). Is there a
"standard" way to store this information and have the credential manager
call the SetSerialization function or do I have to store it myself in the
registry? At this point the user has to reenter the username every time.

Best regards,
Fredrik Jansson

"Fredrik Jansson" <no_...@please.se> wrote in message
news:2B106977-7A27-4A4E...@microsoft.com...

[Eric Perlin [MSFT]]

The registry is an option. There's no specific guidance here.

[vaidyanatham matham]

Hi Fredrik,

I have enhanced the simple credential provider sample to PLAP and copied the
dll into system32 and rebooted the machine. I am not seeing PLAP button on
logon screen. Seems you were facing the same problem earlier. Did you find
any solution to that?

Best Reagrds,
Vaidya.

[VP]

I am also wondering how an installation program would set this up.

The only way I have been able to get our PLAP to show up is by doing the
following.
1) join the machine to a domain.
2) install our PLAP
3) Manually create a dummy VPN Connection using "Setup a connection or
Network" -> "Connect to a Workplace".
From the wizard select 'use my internet connection (VPN)' then for
internet address we used 'localhost' then checked off "let other people use
this connection..." and "don't connect now...".

Once we did this, our PLAP showed up.

The issue is that this dummy connection is irrelevant to our PLAP and just
adds another choice for the user that is confusing. There must be some
better way of doing this as this is not a production quality solution if you
have to create dummy VPN connections just to get your PLAP to show up.

I am fine with the fact that you have to join the machine to a domain first
before installing your PLAP, but even that is limiting as our GINA was used
on XP to setup VPN connections for both a domain and non-domain systems.

The big issue is how to create a production quality solution that installs
just your PLAP without having to create dummy VPN entries to get it to show
up.

"vaidyanatham matham" <a...@b.com> wrote in message
news:9ef0b0940ff24902...@ureader.com...

[VP]

I should add that on Windows 2008 Server, our PLAP shows up without having
to add a dummy VPN adapter as described below. So what is the secret to
making this work on Vista like it does on Windows 2008 Server?

"VP" <develop...@usa.com> wrote in message
news:F3299D42-88BC-45EC...@microsoft.com...

[VP]

SOLVED !!!

I figured out the secret.

You don't need to join a domain.
You don't need to have a vpn dial up adapter.

You just need to set the local security policy to require CTRL+ALT+DEL to do
interactive logon.

Once you set this (which can be set via a security script during install),
you can then install your PLAP and off you go.

This would be a good tidbit for MSDN documentation.

"VP" <in...@0.com> wrote in message
news:9D8B7ABF-CB40-445B...@microsoft.com...