Chaining another gina.dll (WXP/W2k3)


The information below applies only to WXP and W2k3 Server. Unfortunately, Microsoft removed the option for "gina.dll" from Vista and higher versions of Windows.
AADS Terminal Server supports the chaining of another gina.dll.

For Windows Vista and newer, see Custom Logon.


The subject "gina.dll" is not for the end-user, but for the Administrator or software developer. Be very careful: if a mistake is made, the logon process will fail, resulting in a completely unusable server. At least Windows safe mode is needed in order to recover from a wrong setting.

Setup

When AADS Terminal Server is installed, it creates the following keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ginadll = %systemdirectory%\aadlogon.dll

HKLM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP
fUseDefaultGina = 0

 

How Chaining is done

The original values are saved by our Setup-program as follows:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
_ginadll = 'original value'

HKLM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP
_fUseDefaultGina = 'original value'

When you uninstall AADS Terminal Server, the original values are copied back to the two original keys.

 

Chaining another gina.dll happens by default

 

Testing and Logfile

You can test the chaining as follows:

Place the value

c:\windows\system32\msgina.dll

in

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\_ginadll
type REG_SZ

Place the value

0

in

HKLM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\_fUseDefaultGina
type REG_DWORD

The file msgina.dll is always chained so you will not notice any difference. However, the explicit chaining of msgina.dll is logged in our logfile.

Important: log in as a second user through a remote desktop session. Due to unimportant timing issues, the chaining of another gina.dll done by the login on the local console is not logged.

 

Logfile AADServer_TermServer.log

19:25:08.125|Info|1|Loading Logon Gina: c:\windows\system32\msgina.dll
19:25:08.171|Info|1|C:\WINDOWS\system32\aadlogon.dll (Demo: 2.2.83.1) 1/3/3

The logfile shows both our own aadlogon.dll and the chained ginadll c:\windows\system32\msgina.dll.

If the logfile shows

|Error|1|Loading Logon Gina: c:\windows\system32\gina_bug.dll

then the |Error| indicates that the dll gina_bug.dll could not be loaded or did not meet the minimal requirements.
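
When reviewing this logfile, every "Loading Logon Gina" entry is worth checking against the DLL you expect to be chained, because whatever is chained here takes part in the logon process. The following is an added example, not AADS code: it parses the pipe-delimited lines shown above; the allowlist, the split into fields, and the last two sample lines (including their timestamps) are assumptions.

```python
import ntpath

# Assumption: the only chained GINA expected on this server is the stock msgina.dll.
EXPECTED_GINAS = {r"c:\windows\system32\msgina.dll"}
MARKER = "Loading Logon Gina:"

# Constructed sample in the format shown above; the last two lines are made up.
SAMPLE_LOG = r"""19:25:08.125|Info|1|Loading Logon Gina: c:\windows\system32\msgina.dll
19:25:08.171|Info|1|C:\WINDOWS\system32\aadlogon.dll (Demo: 2.2.83.1) 1/3/3
19:31:40.002|Error|1|Loading Logon Gina: c:\windows\system32\gina_bug.dll
19:40:12.500|Info|1|Loading Logon Gina: c:\windows\system32\other_gina.dll
"""

def parse_line(line):
    """Split 'time|level|n|message'; the message itself may contain '|'."""
    parts = line.rstrip("\r\n").split("|", 3)
    if len(parts) != 4:
        return None
    time, level, _, message = parts  # third field is not interpreted here
    return time, level, message

def review_gina_loads(log_text, expected=EXPECTED_GINAS):
    """Return (time, verdict, path) for every chained-GINA log entry."""
    # ntpath gives Windows path rules (case-insensitive, '/' == '\') on any OS.
    allowed = {ntpath.normcase(ntpath.normpath(p)) for p in expected}
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or not parsed[2].startswith(MARKER):
            continue
        time, level, message = parsed
        path = message[len(MARKER):].strip()
        key = ntpath.normcase(ntpath.normpath(path))
        if level == "Error":
            verdict = "load-failed"        # could not load / below minimal requirements
        elif key not in allowed:
            verdict = "unexpected-gina"    # loaded, but not on the allowlist
        else:
            verdict = "ok"
        findings.append((time, verdict, path))
    return findings

if __name__ == "__main__":
    for time, verdict, path in review_gina_loads(SAMPLE_LOG):
        print(f"{time or '--:--:--.---'}  {verdict:<16} {path}")
```
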


Extra logging for each remote session

Create the following DWORD registry key:

HKLM\Software\AADServer\Create GINA logfile
type REG_DWORD

and give it the value 1.

The result will be that for each session a logfile is created in C:\Windows\Temp. Do not use this in a production environment; you will end up with many logfiles in C:\Windows\Temp.


Minimal requirements of a gina.dll


© 2012-2023 AADS WorldWide. Terminal Server | Application Server | Remote Desktop solutions | Firewall
