Looks like CPUS_UNLOCK_WORKSTATION usage scenario removed from Windows10 RRS feed

  • Question

  • Hello,

    I've faced with issue in custom credential provider and filter on Windows10 which is succesfully working on previous versions of windows.

    The cause of that issue that on Windows10 i can't receive CPUS_UNLOCK_WORKSTATION usage scenario in ICredentialProviderFilter::Filter function when machine is locked. I'm receving CPUS_LOGON scenario after lock while on Windows7 i'm receiving CPUS_UNLOCK_WORKSTATION scenario. So on Win10 our product doesn't determine unlock scenarion and unfortunately cannot work properly. Looks like there are some changes in credential provider work on windows10 but i can't find any document or article which describes them. Can you please help me to determine what changes where done on credential provider of windows10.



    Wednesday, August 12, 2015 3:19 PM

All replies

  • Hello Sergii,

    I experiment the same issue on Windows 10. The scenario CPUS_LOGON is returned instead of CPUS_UNLOCK_WORKSTATION when locking the session.  Did you find any workaround?

    Best regards,

    • Edited by Skuallpa Wednesday, August 19, 2015 12:43 PM
    Wednesday, August 19, 2015 12:42 PM
  • I met the same issue on Windows 10.

    Is there anyone response for any solution?


    Friday, September 18, 2015 6:45 AM
  • I too am waiting on a resolution to this issue. Any response from Microsoft on this? 
    Friday, November 13, 2015 10:23 PM
  • It is documented on MSDN "CREDENTIAL_PROVIDER_USAGE_SCENARIO enumeration (Windows)"


    Starting in Windows 10, the CPUS_LOGON and CPUS_UNLOCK_WORKSTATION user scenarios have been combined. This enables the system to support multiple users logging into a machine without creating and switching sessions unnecessarily. Any user on the machine can log into it once it has been locked without needing to back out of a current session and create a new one. Because of this, CPUS_LOGON can be used both for logging onto a system or when a workstation is unlocked. However, CPUS_LOGON cannot be used in all cases. Because of policy restrictions imposed by various systems, sometimes it is necessary for the user scenario to be CPUS_UNLOCK_WORKSTATION. Your credential provider should be robust enough to create the appropriate credential structure based on the scenario given to it. Windows will request the appropriate user scenario based on the situation. Some of the factors that impact whether or not a CPUS_UNLOCK_WORKSTATION scenario must be used include the following. Note that this is just a subset of possibilities.

    • The operating system of the device.
    • Whether this is a console or remote session.
    • Group policies such as hiding entry points for fast user switching, or interactive logon that does not display the user's last name.

    I can receive CPUS_UNLOCK_WORKSTATION on both Windows 10 Home and Windows 10 Pro by

    • enabling "Interactive logon: Do not display last user name" in group policy (Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options)
    •  -or-
    • setting "dontdisplaylastusername" to 0x1 in registry (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System).
    Wednesday, January 20, 2016 6:34 AM