Perhaps the issue "How do I support the CPUS_UNLOCK_WORKSTATION scenario?" can help you. Also pay attention to the attached code link, which involves changing the password in the CPUS_UNLOCK_WORKSTATION condition.
How to change the Password in Custom Credential Provider, In LOCK Scenario i.e., CPUS_UNLOCK_WORKSTATION in C++

Hi
Platform Windows 10.
Language C++, Visual Studio 2019
I am writing a Custom Credential Provider in C++, where I need to change the Domain password for a user in the LOCK scenario, i.e., CPUS_UNLOCK_WORKSTATION. Can anyone help guide me through the steps or help in writing the code?
Regards
Aslam
Windows API - Win32
Windows 10 Compatibility
2 answers
Xiaopo Yang - MSFT 6,161 Reputation points • Microsoft Vendor
2021-06-30T02:24:00.707+00:00

Aslam Mahaboob A 1 Reputation point
2021-06-30T18:25:58.433+00:00
Hi Mr. Yang
I have already implemented the code which you have provided in the link, and I am able to lock and unlock the screen.
But the real issue comes in when the "ntsStatus == Passwordmustchange" flag arises in the CPUS_UNLOCK_WORKSTATION state. To change the password, I need to load the fields of OldPassword, NewPassword and Confirm Password on the Tile of the Credential Provider.
In this scenario state, CPUS_UNLOCK_WORKSTATION, loading of the fields is failing. So in this state of CPUS_UNLOCK_WORKSTATION, how can I load the fields on the Tile of the Credential Provider?
And I want to know why an error code of 183 is occurring for SetFieldState().
Regards
Aslam

Xiaopo Yang - MSFT 6,161 Reputation points • Microsoft Vendor
2021-07-27T08:11:56.837+00:00
I regret that the attached sample cannot run on my computer, which doesn't even show the logon UI.
With the Microsoft GitHub sample sampleallcontrolscredentialprovider, I found a solution which can hide and show UI in the LOCK scenario.
The following code exists because I found that the sample clears the password content. Hope helpful.

```cpp
HRESULT CSampleCredential::ReportResult(
    __in NTSTATUS ntsStatus,
    __in NTSTATUS ntsSubstatus,
    __deref_out_opt PWSTR* ppwszOptionalStatusText,
    __out CREDENTIAL_PROVIDER_STATUS_ICON* pcpsiOptionalStatusIcon
    )
{
    *ppwszOptionalStatusText = NULL;
    *pcpsiOptionalStatusIcon = CPSI_NONE;

    DWORD dwStatusInfo = (DWORD)-1;

    // Look for a match on status and substatus.
    for (DWORD i = 0; i < ARRAYSIZE(s_rgLogonStatusInfo); i++)
    {
        if (s_rgLogonStatusInfo[i].ntsStatus == ntsStatus &&
            s_rgLogonStatusInfo[i].ntsSubstatus == ntsSubstatus)
        {
            dwStatusInfo = i;
            break;
        }
    }

    if ((DWORD)-1 != dwStatusInfo)
    {
        if (SUCCEEDED(SHStrDupW(s_rgLogonStatusInfo[dwStatusInfo].pwzMessage, ppwszOptionalStatusText)))
        {
            *pcpsiOptionalStatusIcon = s_rgLogonStatusInfo[dwStatusInfo].cpsi;
        }
    }

    // If we failed the logon, try to erase the password field.
    // All UI updates stay inside the null check on the events pointer.
    if (!SUCCEEDED(HRESULT_FROM_NT(ntsStatus)) && _pCredProvCredentialEvents)
    {
        _pCredProvCredentialEvents->SetFieldString(this, SFI_PASSWORD, L"");

        /*PWSTR pwszDest = (PWSTR)HeapAlloc(GetProcessHeap(), 0, 255);
        if (pwszDest)
        {
            StringCbPrintfW(pwszDest, 255, L"ntsStatus %d, ntsSubstatus %d", ntsStatus, ntsSubstatus);
            ::MessageBox(NULL, pwszDest, TEXT("SEE ME?"), 0);
            HeapFree(GetProcessHeap(), 0, pwszDest);
        }*/

        // The user's password must be changed before signing in.
        if (STATUS_PASSWORD_MUST_CHANGE == ntsStatus)
        {
            //::MessageBox(NULL, TEXT("can we"), TEXT("Here?"), 0);
            _pCredProvCredentialEvents->SetFieldState(this, SFI_CHECKBOX, CPFS_HIDDEN);
            _pCredProvCredentialEvents->SetFieldState(this, SFI_COMMAND_LINK, CPFS_DISPLAY_IN_SELECTED_TILE);
        }

        // Change UI for password expired.
        if (STATUS_PASSWORD_EXPIRED == ntsSubstatus)
        {
            _pCredProvCredentialEvents->SetFieldState(this, SFI_CHECKBOX, CPFS_DISPLAY_IN_SELECTED_TILE);
            _pCredProvCredentialEvents->SetFieldState(this, SFI_COMMAND_LINK, CPFS_HIDDEN);
        }
    }

    // Since NULL is a valid value for *ppwszOptionalStatusText and *pcpsiOptionalStatusIcon
    // this function can't fail.
    return S_OK;
}
```
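
An added example, not part of the original posts or of the Microsoft sample: the ReportResult in the comment above discards the HRESULT of every SetFieldState call, so a failure such as the one the question reports goes unseen. This portable sketch keeps the same status-to-field decisions but records each failing call; the type aliases, the field index values and the `SetFieldStateFn` seam are stand-ins assumed here so it builds without the Windows SDK.

```cpp
#include <cstdint>
#include <functional>
#include <vector>

// Stand-ins so the sketch builds without the Windows SDK (assumptions, not SDK headers).
using NTSTATUS = std::int32_t;
using HRESULT  = std::int32_t;
constexpr NTSTATUS STATUS_PASSWORD_EXPIRED     = static_cast<NTSTATUS>(0xC0000071u);
constexpr NTSTATUS STATUS_PASSWORD_MUST_CHANGE = static_cast<NTSTATUS>(0xC0000224u);
constexpr HRESULT  S_OK = 0;
enum FieldState { CPFS_HIDDEN = 0, CPFS_DISPLAY_IN_SELECTED_TILE = 1 };
enum FieldId    { SFI_CHECKBOX = 4, SFI_COMMAND_LINK = 6 };  // constructed index values

struct FieldChange  { FieldId field; FieldState state; };
struct FieldFailure { FieldId field; HRESULT hr; unsigned win32Code; };

// Hypothetical seam: in a provider this would wrap
// _pCredProvCredentialEvents->SetFieldState(this, field, state).
using SetFieldStateFn = std::function<HRESULT(FieldId, FieldState)>;

// Same decisions as the ReportResult above, expressed as data.
std::vector<FieldChange> PlanFieldStates(NTSTATUS status, NTSTATUS substatus) {
    std::vector<FieldChange> plan;
    if (status == STATUS_PASSWORD_MUST_CHANGE) {
        plan.push_back({SFI_CHECKBOX, CPFS_HIDDEN});
        plan.push_back({SFI_COMMAND_LINK, CPFS_DISPLAY_IN_SELECTED_TILE});
    }
    if (substatus == STATUS_PASSWORD_EXPIRED) {
        plan.push_back({SFI_CHECKBOX, CPFS_DISPLAY_IN_SELECTED_TILE});
        plan.push_back({SFI_COMMAND_LINK, CPFS_HIDDEN});
    }
    return plan;
}

// Apply every change and record each failed HRESULT instead of discarding it.
std::vector<FieldFailure> ApplyFieldStates(const SetFieldStateFn& set,
                                           const std::vector<FieldChange>& plan) {
    std::vector<FieldFailure> failures;
    if (!set) return failures;  // no events sink available: nothing to update
    for (const FieldChange& c : plan) {
        const HRESULT hr = set(c.field, c.state);
        if (hr < 0)  // same test as FAILED(hr); low 16 bits as HRESULT_CODE(hr)
            failures.push_back({c.field, hr, static_cast<unsigned>(hr) & 0xFFFFu});
    }
    return failures;
}
```

Writing each returned `FieldFailure` to the provider's log shows which field and which scenario the failing call belongs to.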

Aslam Mahaboob A 1 Reputation point
2021-07-28T17:14:56.787+00:00
Hi Mr. Yang
Thank you for the update. In the "CPP" folder there is a document called "Steps to reproduce the issue.docx", which has all the steps with pictures to reproduce the issue.
Regards
Aslam.

Aslam Mahaboob A 1 Reputation point
2021-07-28T17:18:06.373+00:00
Hi Mr. Yang
Sorry to inform you of this: you need to click on the centre of the screen to see the tile of the login screen with username and password. And you can refer to the steps provided in the "CPP" folder, where there is a document called "Steps to reproduce the issue.docx".
Regards
Aslam

Xiaopo Yang - MSFT 6,161 Reputation points • Microsoft Vendor
2021-07-29T05:29:59.557+00:00
OK, now everything is no problem, but I used a new local user ccp.
Is a User in AD (Active Directory) of “Windows Server 2016” essential?

Aslam Mahaboob A 1 Reputation point
2021-07-29T08:39:23.487+00:00
Hi Mr. Yang
Thanks for the update, it also works for the "Domain User". It does not have the implementation for password lock, it has only the UI part in it. If you can go through the steps, you can reproduce the issue which I am facing, i.e., not able to load the fields of "OldPassword, NewPassword and Confirm NewPassword and Submit button" when the system is locked and when you unlock the system, i.e., CPUS_UNLOCK_WORKSTATION. If the password expires at that time, I tried to change the password (CPUS_CHANGE_PASSWORD); it is not showing the fields. There is also a log which will be produced in the C:\ drive.

Aslam Mahaboob A 1 Reputation point
2021-07-29T08:43:17.893+00:00
Hi Mr. Yang
Sorry, I forgot to answer your query "Is a User in AD (Active Directory) of “Windows Server 2016” essential?". Yes, we are working on Domain user password change.
This code works for Domain users also, which I have mentioned in the reproducible steps in the document sent along with the code.
Regards
Aslam

Aslam Mahaboob A 1 Reputation point
2021-08-04T10:08:35.64+00:00
Hi Mr. Yang
Good Morning!
Please let me know if there is any update.
Regards
Aslam

Xiaopo Yang - MSFT 6,161 Reputation points • Microsoft Vendor
2021-08-05T01:11:30.637+00:00
Hello, I have escalated the question. Waiting for a professional.
Regards
Yang

Aslam Mahaboob A 1 Reputation point
2021-08-05T06:20:26.037+00:00
Hi Mr. Yang,
Good Morning!
Thanks for the update.
Regards
Aslam

Aslam Mahaboob A 1 Reputation point
2021-08-11T12:25:17.407+00:00
Hi Mr. Yang
Good Morning!
Any update regarding my issue? Please let me know.
Regards
Aslam

Mahaboob Aslam 1 Reputation point
2021-08-12T07:34:39.343+00:00
Hi Mr. Yang
Good Morning!
Any update regarding my issue? Please let me know.
Regards
Aslam

Mahaboob Aslam 1 Reputation point
2021-08-18T08:14:40.53+00:00
Hi Mr. Yang
Good Morning!
Please let me know if you have any update from your escalation engineers regarding my issue.
Waiting for your reply.
Regards
Aslam

Xiaopo Yang - MSFT 6,161 Reputation points • Microsoft Vendor
2021-08-18T08:18:11.82+00:00
Hi, Sorry.
I also haven't got some messages.

Mahaboob Aslam 1 Reputation point
2021-08-19T11:32:56.337+00:00
Hi Mr. Yang
Good Morning!
Could you please check the status with your escalation engineering team regarding the status, I would be thankful to you.
Please do the needful.
Regards
Aslam

Mahaboob Aslam 1 Reputation point
2021-08-25T17:57:26.523+00:00
Hi Mr. Yang
Good Morning!
Please let me know if you have any update from your escalation engineering team.
Regards
Aslam

Mahaboob Aslam 1 Reputation point
2021-08-30T15:56:43.96+00:00
Hi Mr. Yang
Good Morning!
Any update regarding my issue from your escalation team?
Regards
Aslam
I'm sorry. Could you please show a minimal, reproducible sample without private information?

Hi Mr. Yang,
Thank you for the kind support.
And I apologize for replying late. Just give us some time, I will send you the reproducible sample code.
Regards
Aslam

Hi Mr. Yang
First I would like to apologise for replying late, and the good news is, I am ready with the reproducible code.
Please let me know, I would be thankful to you.
Regards
Aslam

Please upload the minimal, reproducible sample on GitHub and don't forget to attach as much detail on how to use it as possible. Sorry, I cannot use email for some criteria.

Hi Mr. Yang
Good Morning!
With regard to your last reply, I have created a repository on GitHub at the link below.
https://github.com/MahaboobAslam/Lock-scenario-Password-change/tree/master
There is a document called "Steps to reproduce the issue.doc" in the "cpp" folder, which has the steps to reproduce the issue.
And the log file will be created as : "C:\SampleCredentialProvider.log"
Note:
In the test machine of Windows 10 of VMWare, don't forget to perform the following important steps.
Open the Registry with “Registry Editor” call “Run”.
In the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Right click in “System” space and create a DWORD called “dontdisplaylastusername” variable and assign it to 1.
If the above steps are not followed, you will not be able to capture the CPUS_UNLOCK_WORKSTATION message.
Please let me know the updates. I would be thankful to you.
Regards
Aslam