Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Win7 Autologon - LSA bug or by design?

21 views
Skip to first unread message

Alan Adams

unread,
Jul 9, 2010, 10:15:57 AM7/9/10
to
ClemClark <Clem...@no-mx.forums.novell.com> wrote:

> Was having problems with AutoAdminLogon and the Novell Client.
> Although it would autologon onto Novell, when trying to passthrough to
> windows I would receive "the local username or password is incorrect".
>
> If I set the Novell Login to OFF in the Novell Client properties, then
> the AutoAdminLogon works a treat.
> I was basically setting AutoAdminLogon by adding the appropriate
> registry keys, including the DefaultPassword key (this autologon was at
> first boot after WS was imaged, so I couldn't do it manually using
> -control userpasswords2-).
>
> I FOUND THAT IF NOVELL LOGIN WAS SET TO ON, INSTEAD OF READING THE
> PASSWORD FROM THE REGISTRY (FOR THE WINLOGON SECTION) IT WOULD READ IT
> FROM THE LSA (HKLM\SECURITY\.....\SECRETS AREA), EVEN IF NOTHING WAS SET
> THERE.
>
> Does anyone know if this is expected behaviour?
> The password needs to be stored in the Novell registry area to allow
> Novell to log in, so it doesn't need to use LSA for the Windows logon
> considering the password is already in plain text.
>
> As I said, the registry password is used instaed of LSA when Novell
> Logon is set to OFF, so it seems that the Novell Client is causing an
> issue here? What do you think?

The Novell Client for Windows 7 currently does not support retrieval
of the Windows AutoAdminLogon password by any means except the LSA
encrypted storage method that is setup by netplwiz.exe and similar
Windows AutoAdminLogon configuration UIs. The clear-text
"DefaultPassword" value isn't honored for Windows AutoAdminLogon in
Novell Client's NCCredProvider.

So there is no workaround in the short term, except to set the
LSA-encrypted DefaultPassword via "control.exe userpasswords2",
netplwiz.exe, etc. I believe it legitimate to expect that the Novell
Client should have supported the clear-text "DefaultPassword" value
since Microsoft's in-box password credential provider still supports
it; but that support doesn't exist right now.
http://www.novell.com/documentation/vista_client/vista_client_admin/data/barbsml.html

I've entered a request to add the clear-text DefaultPassword support
as Bug 621204, in case you would need to refer to it. If you have a
more urgent business case or require direct follow-up on the status of
the issue, opening a support call and citing that bug would be a way
to initiate that.

Alan Adams
Novell Client CPR Group
alan....@novell.com

Novell
Making IT Work As One
www.novell.com

Upgrade to OES Community
http://www.novell.com/communities/coolsolutions/upgradetooes/

0 new messages