locked
Network Providers and Credential Managers RRS feed

  • Question

  • Greetings.  A product I work on implements what MS has referred to as a "Credential Manager", providing architected entry points such as "NPLogonNotify" from a dll we produce.  I know that there are several security-related changes in Vista, but from what I have read (which isn't a lot), it is not clear whether or not "Credential Managers" as implemented and working today under Windows XP will continue to work in all cases or some cases as-is, or can work but require some changes, or will never work, in Windows Vista.  Could someone at MS please provide an authoritative answer or point me to a doc that already does?  My apologies if this has indeed been clearly documented somewhere, but I have just not dug in enough yet.  Thanks much!
    Tuesday, November 1, 2005 1:53 PM

All replies

  • Network providers are longer going to be supported in Windows vista.  Just do a google search on Winlogon changes.  you would probably need to conver this to a service.

    here is the new ICredentialProvider Interface.

    http://windowssdk.msdn.microsoft.com/library/?url=/library/en-us/ShellCC/platform/shell/reference/ifaces/icredentialprovider/icredentialprovider.asp?frame=true

    Josh
    Friday, December 2, 2005 7:13 PM
  • Are you sure you're not confusing Credential Providers with Credential Management and Network Providers? I haven't seen any reference anywhere to NPLogonNotify and NPPasswordChangeNotify going away. Please confirm as this was not in the release notes, mentioned at the PDC, listed in the documentation, or anything like that.

    Thanks.

    -Rob

    Friday, February 3, 2006 2:01 PM
  • Hallo,

    I've also problems in migrating a credential manager from XP to Vista. My proposition is that credential managers are still working in Vista. (LanmanWorkstation for example still exists in Vista...) So i made the following entries in the registry:
    (from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/authentication_registry_keys.asp)

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
         AnotherNetSvc\NetworkProvider\ProviderPath = %SystemDir%\system32\myprov.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
         AnotherNetSvc\NetworkProvider\Class = 2

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
         AnotherNetSvc\NetworkProvider\Name = MyProvName

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
         AnotherNetSvc\NetworkProvider\Group = NetworkProvider

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
         NetworkProvider\order = AnotherNetSvc,LanmanWorkstation,....

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
         Lsa\Notification Package = AnotherNetSvc,scecli    //not necessary i think so forget it

    myprov.dll is in the System32 folder and traces in a file in the users directory where the users group has all rights.

    Nevertheless the dll doesn't trace anything. Anybody with an idea? Has the dll to be signed by Microsoft or something;)?

    Thanks in advance

    Gerald


    Friday, November 17, 2006 10:09 AM
  • In the last case, I believe there are couple issues with the registration:
    %systemdir% is not a valid default env variable.
    The Group value is to be defined one level higher.

    Saturday, November 18, 2006 1:48 AM
  •  

    HI There,

     

    i am also having an issue with a windows vista client. The machine is connected to a LAN, but the user cannot login. It keeps poping up with this error message :

    "The system could not acces the credential server. If the problem persists please contact the system administrator. We have just impletented Windows Vista so i am not that clued on the system. Please note that i removed and added this machine from the domain for troublshooting purposes. Some feedback would be great. Oh! we have 2003 servers.

     

    Thanks Alot

    Operator10

    Tuesday, December 4, 2007 11:50 AM
  • This is not really related to the rest of the thread.

    Is this the exact error message? Is it a translation?

     

    Could it be this one?

    // There are currently no logon servers available to service the logon request.

    One way to be sure is to find the exact status code in the security eventlog.

     

     

    Wednesday, December 19, 2007 4:05 AM