Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Secondary logon service

- - - - -

  • Please log in to reply
10 replies to this topic

#1
ctp9

ctp9

    Newbie

  • Member
  • 24 posts
  • Joined 27-May 09
Didn't realize I would need the Secondary Logon service until I came across an application that requires to be "Run As Administrator"...

Since I have removed the Secondary Logon service from my nLited install - is there a way to install it back? I believe that it is a standalone component, however - I am not sure where to begin looking and how to extract it out of the install and register it back into the system.

Any help on this would be appreciated.


How to remove advertisement from MSFN

#2
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,429 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Give me a bit of time to analyze the changes.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#3
ctp9

ctp9

    Newbie

  • Member
  • 24 posts
  • Joined 27-May 09
Thank you for your efforts! Keep in mind however - if you can't figure it out, then it's not a big deal... I am only making experimental installations now anyway, and a process gone wrong here and there is just a learning point for me that will help me make better and more "thought of" customizations in the future.

I did however discover that the following file(s) and registry entries need to be present for the Second Logon service (this is just reference for anyone who is experiencing the same problem):

Secondary Logon DLL -
seclogon.dll (in WINDOWS/system32 folder)

Secondary Logon registry entries -
Services entry:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Description"="Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Secondary Logon"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Objectname"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="SvcEntry_Seclogon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
  02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum]
"0"="Root\\LEGACY_SECLOGON\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

SVC host entry:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
  00,00,00,00,00
"LocalService"=hex(7):41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,57,00,65,\
  00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4c,00,6d,00,48,00,6f,00,\
  73,00,74,00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,\
  00,69,00,73,00,74,00,72,00,79,00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,\
  73,00,74,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,00,00
"NetworkService"=hex(7):44,00,6e,00,73,00,43,00,61,00,63,00,68,00,65,00,00,00,\
  00,00
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
  6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
  00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
  53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
  00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
  76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
  00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
  69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
  00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
  49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
  00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
  00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
  73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
  00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
  00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
  00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
  74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
  00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
  63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
  00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
  4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
  00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
  00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
  00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
  32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
  00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
  00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,77,00,73,00,63,00,73,\
  00,76,00,63,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,00,00,42,00,\
  49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
  00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,\
  74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,\
  00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
  00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
  00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
  65,00,00,00,00,00
"WudfServiceGroup"=hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,\
  00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

I attached the required file(s) for the lazy (the .dll and the two .reg items).

This partially fixed the problem... but still doesn't fully work. The "Run As Administrator..." context menu entry does not show up anywhere.

Attached Files


Edited by ctp9, 23 January 2011 - 06:00 AM.


#4
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,429 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

I don't see that nLite modifies the SvcHost entries. How did you come to that conclusion?

Anyways, here are my findings...


You need to put the following files in system32:

runas.exe
sclgntfy.dll
seclogon.dll

And these are the registry entries that need to be added/deleted.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"


[HKEY_CLASSES_ROOT\cplfile\shell\runas\command]
@="rundll32.exe shell32.dll,Control_RunDLLAsUser \"%1\",%*"


[HKEY_CLASSES_ROOT\AppID\{6295DF2D-35EE-11d1-8707-00C04FD93327}]
@="Mobsync"
"RunAs"="Interactive User"


[HKEY_CLASSES_ROOT\MSCFile\Shell\RunAs]
"MUIVerb"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
  00,6d,00,6d,00,63,00,62,00,61,00,73,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  2d,00,31,00,33,00,33,00,35,00,30,00,00,00
@="R&un as..."

[HKEY_CLASSES_ROOT\MSCFile\Shell\RunAs\Command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,6d,00,\
  63,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,00,22,00,20,00,25,00,2a,\
  00,00,00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HideRunAsVerb"=-


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Description"="Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Secondary Logon"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Objectname"="LocalSystem"
"Start"=dword:00000004
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="SvcEntry_Seclogon"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\sclgntfy.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:3e,e5,d2,ff,e6,57,cd,00,c7,47,ba,76,95,af,7b,3d


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\seclogon.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:e2,db,6a,19,4d,f7,7f,7d,45,6f,96,65,07,c0,71,9e


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\runas.exe]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:2b,28,50,b5,9b,29,fb,55,bf,1c,ac,64,b5,bd,5a,b7


Reboot and you should be good to go.

I've attached the reg file in case the forum software messes up the above with line breaks and extra spaces. Attached File  Seclogon.reg   5.37KB   92 downloads

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#5
ctp9

ctp9

    Newbie

  • Member
  • 24 posts
  • Joined 27-May 09
Thank you -X-.

I only did research online and figured that the advice given on the majority of the Internet on how to restore the Secondary logon service was universal... I did not have the tools, knowledge, or resources needed to figure it out the way you did. I actually have no clue how you got these results, but I trust that you know what you are doing. I am a novice for nLite (but am an advanced user of Windows-based operating systems and PC hardware in general - just not the little tips and tweaks as much).

I'll try this out and will report back soon.

#6
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,429 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

I'm motivated to make a tutorial because we get these type of question a lot. It's pretty easily actually. You just need something like Beyond Compare.

BTW, the forum software did mess the paste up. Use the attached reg file.

Edited by -X-, 24 January 2011 - 10:44 AM.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#7
GrofLuigi

GrofLuigi

    GroupPolicy Tattoo Artist

  • Member
  • PipPipPipPipPipPip
  • 1,361 posts
  • Joined 21-April 05
  • OS:none specified
  • Country: Country Flag

I'm motivated to make a tutorial because we get these type of question a lot.

X, I think this would be very beneficial for all. I can share my experience with restoring Active Directory (or whatever it's called - the one that Nlite mentions that breaks User Accounts control panel). Few dll's and registry entries.

GL

#8
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,429 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

OK, I threw together a how-to video on figuring out what you need to add a removed component back.



Watch it in full screen and at 720p so you can see what's actually going on.

Edited by -X-, 07 February 2013 - 03:52 PM.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#9
ctp9

ctp9

    Newbie

  • Member
  • 24 posts
  • Joined 27-May 09
Thank you sir! I am hoping that we could get a sticky thread with something like this in the future... because I see a lot of people asking similar kinds of questions all the time.

#10
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,429 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

ctp9, How did adding back secondary logon go?

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#11
TheSolyom

TheSolyom
  • Member
  • 1 posts
  • Joined 07-February 13
  • OS:XP Pro x86
  • Country: Country Flag
Hello, I know this is an old post but rather than starting a new one I thought I would try here 1st. I have done the same thing. Would you tell me where I can find the files I need to add to system32. I have searched my original XP disk and can't find them. Many thanks for your efforts

OK, found them in the RAR file and would like to report fixed error,

Many thanks

Edited by TheSolyom, 07 February 2013 - 06:05 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users