Chaining another gina.dll

PreviousNext

Home

 

Chaining another gina.dll

The information below does only apply to WXP and W2k3 Server. Unfortunately, Microsoft removed the option for "gina.dll" from Vista and higher versions of Windows.
AADS Terminal Server supports the chaining of another gina.dll.

The subject "gina.dll" is not for the end-user, but for the Administrator or software developer.
Be very carefully: if you make a mistake, the logon process will fail, resulting in a completely unusable server. You will need at least the Windows-safe-mode in order to recover from a wrong gina.dll setting.


Setup

When AADS Terminal Server is installed, it create the following keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ginadll = %systemdirectory%\aadlogon.dll

HKLM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP
fUseDefaultGina = 0

 

How Chaining is done

The original values are saved by our Setup-program as follows:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
_ginadll = 'original value'

HKLM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP
_fUseDefaultGina = 'original value'

When you un-install AADS Terminal Server the original values are copied to the two original keys.

 

Chaining another gina.dll happens by default

 

Testing and Logfile

You can test the chaining as follows:

Place the value

c:\windows\system32\msgina.dll

in

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\_ginadll
type REG_SZ

Place the value

0

in

HKLM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\_fUseDefaultGina
type REG_DWord

The file msgina.dll is always chained so you will not notice any difference. However, the explicit chaining of msgina.dll is logged in our logfile.

Important: login with a second user thru a remote desktop. Due to un-important timing issues, the chaining of another gina.dll done by the login on the local console is not logged.

 

Logfile AADServer_TermServer.log

19:25:08.125|Info|1|Loading Logon Gina: c:\windows\system32\msgina.dll
19:25:08.171|Info|1|C:\WINDOWS\system32\aadlogon.dll (Demo: 2.2.83.1) 1/3/3

Our own aadlogon.dll is shown and the chained ginadll c:\windows\system32\msgina.dll.

If the logfile shows

|Error|1|Loading Logon Gina: c:\windows\system32\gina_bug.dll

The |Error| indicates that the dll gina_bug.dll could not be loaded or did not meet the minimal requirements.


Extra logging for each remote session

Create the following DWord Registry key:

HKLM\Software\AADServer\Create GINA logfile
type REG_DWord

and give it a value 1.

The result will be that for each session a logfile is created in C:\Windows\Temp. Do not use this in production environment; you will end up with many logfiles in C:\Windows\Temp.


Minimal requirements of a gina.dll


Copyright 2012-2017 AADS WorldWide LTD. AADS Terminal Server | Application Server | Remote Desktop solutions | Firewall

PreviousNext

Home