Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Local Security Policies for workgroup network logons

79 views
Skip to first unread message

Doug Hoeffel

unread,
Dec 11, 2002, 2:34:36 PM12/11/02
to
Hello:

The product I work on has the ability to be serviced remotely via a web
page. One of things that can be done is to
restart this remote machine. I understand the process of enabling the
SE_SHUTDOWN_NAME privilege etc. before the call
to ExitWindowsEx. This works fine on Win NT and 2K but not on XP. With my
Win XPe box, I get an access denied error
in the OpenProcessToken api call. According to the MSDN documentation, if
the computer is joined to a workgroup, which
is my case, and the "Force network logons using local accounts to
authenticate as Guest" policy is enabled, the function
fails and returns ERROR_ACCESS_DENIED. Note that this policy is enabled by
default for a computer running Windows XP
Professional that is joined to a workgroup. This is where the problem gets
interesting. First, I have added the component
for secpol.msc (Security Settings Editor component) but I do not see this
policy under Local Policies - Security Options.
Yes, this was a post many months ago that I could not find an answer for. I
have spend almost a day searching for clues on this.
I would like to atleast see this policy so I can set it for "Classic" since
this is the old NT/2K way and not the new XP way
of authenticating network logins. Second, by default on XPe the Guest
account is disabled and the ForceGuest registry parameter is 0 which further
confuses the issue. I tried setting the the ForceGuest registry parameter
to 1 but I don't see any
changes to the Security Options applet.

Does anyone know how to get more of the policies to appear in the Local
Security Settings applet? Or in XPe is there
some other way to get network logons to authenticate as themselves instead
of using Guest? My computer is NOT joined to a domain.

Thanks... Doug


Jon Fincher (MS)

unread,
Dec 19, 2002, 8:05:26 PM12/19/02
to
"Doug Hoeffel" <doug.hoef...@camtronics.com> wrote in
news:#H6zB2UoCHA.2408@TK2MSFTNGP11:

> Hello:


> Does anyone know how to get more of the policies to appear in the
> Local Security Settings applet? Or in XPe is there
> some other way to get network logons to authenticate as themselves
> instead of using Guest? My computer is NOT joined to a domain.

There's a component I made a while ago that added some of the local
security stuff - might be what you're looking for, but then again...

Anyway, you can recreate the component. Basically, it's got three
things in it - a file resource, an FBA DLL Registration, and some
dependencies.

The file resource is sceregvl.inf, and should be put in the %17% folder
(\Windows\INF). It's in the repository, just not owned by any other
component. There is a bug on it.

The FBA DLL Registration goes as follows:

FilePath: %11%\rshx32.dll
DLLInstall: FALSE
DLLRegister: TRUE
Flags: 0
Phase: 4500
Reboot: FALSE
Start: 1
Timeout: 0
Type: 2

Everything else should be left as is.

The dependencies are easy - two component requirements, "Security Shell
Extension", and "Windows Security Configuration Editor Client Engine".

Import that component to your DB, include it in your config, check deps
and rebuild.

--
--Jon, MS

This posting is provided "AS IS" with no warranties, and confers no
rights.

Doug Hoeffel

unread,
Dec 31, 2002, 2:22:47 PM12/31/02
to
Thanks Jon... this helped a lot!

"Jon Fincher (MS)" <jonfi_...@microsoft.com> wrote in message
news:Xns92E9ADE10A50Cjo...@157.54.3.22...

0 new messages