
Credential Manager


Jens Pullen

Sep 1, 2003, 8:32:44 AM
Hi.

We have created a credential manager DLL, which is used to
save the current username and password for later use. In
Windows NT4, 2K and XP the function "NPLogonNotify" is
called every time a user is authorized, no matter whether a
user is logging in or a service is to be authorized. This seems
to be different in Windows XP Embedded. Here, the
function is only called when an authorisation is
performed by a service. The function is only called for
the window station "SvcCtl". A normal user logon is not
notified.

Is this feature deactivated in Windows XP Embedded? How
can it be activated?
Is there any other way to determine the password for the
current user?

regards
Jens

Jimmy Zhu

Sep 2, 2003, 3:21:48 AM
Windows XP Embedded has the Credential Manager feature, designed to enhance
Windows security. It allows users to input user names and passwords once so
the system can automatically supply that information for subsequent visits.
The Key Manager component provides credential storage and management
functionality. This component provides the user with a secure searchable
store for credentials. If the user is part of a domain with roaming
profiles, the credentials can be saved as part of that profile. This
mechanism enables users to use this component anywhere they can access
their profiles.

Jimmy Zhu
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Jens Pullen

Sep 3, 2003, 7:38:46 AM
Jimmy,

Thank you for your reply, but I am sorry, I don't really
see how it applies to my question. Maybe you can help me out
here.

Let me rephrase my question (longer).

=== Background ===

We have a component which is designed to gain access to
some resources for the user that just filled out the logon
box using his username and password. That component is an
XP credential manager and is configured to receive the just
entered username and password. The system is configured
to call our exported NPLogonNotify function and supply us
with the username and password of the user that is about
to be logged on.

Windows provides us with a MSV1_0_INTERACTIVE_LOGON
structure that contains the logon information.

Now, we noticed, that on a regular XP system this process
is invoked not only for the interactive logon, but also
for each service that does not run under system account.
So Windows XP actually passes us extensive logon
information for the interactive user and for each service
account. We can distinguish those by the workstation name.
The interactive logon comes with "WinSta0" while service
logons have their own "Svc..." workstation names.

Well, so far no problem, everything works smoothly.


=== Problem ===

Recently we were asked to port our credential manager to
Windows XP Embedded. On this system we found that Windows
does still call our NPLogonNotify function, however the
credentials passed to us are only those from the service
accounts.
The interactive logon credentials, corresponding to
WinSta0, are omitted by the system on Windows XP.


Without the credentials of the user currently logging on
we cannot carry out our resource acquisition.


My question is not about storing credentials for
subsequent visits, but instead about providing a single
sign-on against non-Windows resources.


Thank you for your time reading this.

Jens Pullen

Jimmy Zhu

Sep 9, 2003, 9:33:58 AM
Jens,

I think that, according to the documents, the credential manager on Windows
XP Embedded implements the same functions as on Windows XP. But I'm sorry, I
still need some time to verify it.

Jimmy Zhu

Jimmy Zhu

Sep 9, 2003, 11:16:27 PM
It seems that you are missing some components or functionality regarding
user authorization. Can you enable full credentials and authorization?
Can you successfully log on interactively? Logon events are audited by
default and it might help to check the Event Log - Security.