Jump to content

hovelsj

Member
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

  • Donations

    0.00 USD 

  • Country

    Norway

About hovelsj

hovelsj's Achievements

0

Reputation

  1. hovelsj
    OS: Windows 2003 Standard,SP2 - 32-bit I used Process Monitor to find out about winlogon.exe: The process: ========= Description: Windows NT Logon Application Company: Microsoft Corporation Name: winlogon.exe Version: 5.02.3790.3959 Path: C:\WINDOWS\system32\winlogon.exe Command Line: winlogon.exe PID: 472 Parent PID: 400 Session ID: 0 User: NT AUTHORITY\SYSTEM Architecture: 32-bit Virtualized: n/a Integrity: n/a Started: 13.08.2008 16:17:34 Ended: (Running) Modules: winlogon.exe 0x1000000 0x87000 C:\WINDOWS\system32\winlogon.exe xpsp2res.dll 0x1290000 0x2C5000 C:\WINDOWS\system32\xpsp2res.dll msvcp60.dll 0x15A0000 0x65000 C:\WINDOWS\system32\msvcp60.dll msctfime.ime 0x4DC30000 0x2E000 C:\WINDOWS\system32\msctfime.ime dimsntfy.dll 0x5A120000 0x8000 C:\WINDOWS\system32\dimsntfy.dll NTLANMAN.dll 0x5F120000 0xE000 C:\WINDOWS\system32\NTLANMAN.dll hnetcfg.dll 0x5F270000 0x5A000 C:\WINDOWS\system32\hnetcfg.dll NETUI1.dll 0x5F860000 0x31000 C:\WINDOWS\system32\NETUI1.dll NETUI0.dll 0x5F8A0000 0x16000 C:\WINDOWS\system32\NETUI0.dll rsaenh.dll 0x68000000 0x35000 C:\WINDOWS\system32\rsaenh.dll wshtcpip.dll 0x71AE0000 0x8000 C:\WINDOWS\System32\wshtcpip.dll mswsock.dll 0x71B20000 0x41000 C:\WINDOWS\System32\mswsock.dll UxTheme.dll 0x71B70000 0x36000 C:\WINDOWS\system32\UxTheme.dll wsock32.dll 0x71BB0000 0x9000 C:\WINDOWS\system32\wsock32.dll MPR.dll 0x71BD0000 0x11000 C:\WINDOWS\system32\MPR.dll WS2HELP.dll 0x71BF0000 0x8000 C:\WINDOWS\system32\WS2HELP.dll WS2_32.dll 0x71C00000 0x17000 C:\WINDOWS\system32\WS2_32.dll NETAPI32.dll 0x71C40000 0x57000 C:\WINDOWS\system32\NETAPI32.dll kerberos.dll 0x71CA0000 0x58000 C:\WINDOWS\system32\kerberos.dll WINSCARD.DLL 0x72430000 0x1B000 C:\WINDOWS\system32\WINSCARD.DLL WINSPOOL.DRV 0x73070000 0x27000 C:\WINDOWS\system32\WINSPOOL.DRV icmp.dll 0x74010000 0x5000 C:\WINDOWS\system32\icmp.dll wbemsvc.dll 0x74CE0000 0xE000 C:\WINDOWS\system32\wbem\wbemsvc.dll wbemprox.dll 0x74CF0000 0x9000 C:\WINDOWS\system32\wbem\wbemprox.dll Cabinet.dll 0x74FA0000 0x19000 C:\WINDOWS\system32\Cabinet.dll wbemcomn.dll 0x750F0000 0x3A000 C:\WINDOWS\system32\wbem\wbemcomn.dll fastprox.dll 0x75550000 0x79000 C:\WINDOWS\system32\wbem\fastprox.dll PROFMAP.dll 0x75800000 0x9000 C:\WINDOWS\system32\PROFMAP.dll NDdeApi.dll 0x75810000 0x8000 C:\WINDOWS\system32\NDdeApi.dll WlNotify.dll 0x75820000 0x1B000 C:\WINDOWS\system32\WlNotify.dll MSGINA.dll 0x75840000 0x12C000 C:\WINDOWS\system32\MSGINA.dll sxs.dll 0x75DA0000 0xBD000 C:\WINDOWS\system32\sxs.dll apphelp.dll 0x75E60000 0x27000 C:\WINDOWS\system32\apphelp.dll drprov.dll 0x75E90000 0x7000 C:\WINDOWS\System32\drprov.dll davclnt.dll 0x75EA0000 0xA000 C:\WINDOWS\System32\davclnt.dll MSASN1.dll 0x76190000 0x12000 C:\WINDOWS\system32\MSASN1.dll CRYPT32.dll 0x761B0000 0x93000 C:\WINDOWS\system32\CRYPT32.dll IMM32.DLL 0x76290000 0x1D000 C:\WINDOWS\system32\IMM32.DLL cscdll.dll 0x76520000 0x1D000 C:\WINDOWS\system32\cscdll.dll cryptdll.dll 0x766E0000 0xC000 C:\WINDOWS\system32\cryptdll.dll NTDSAPI.DLL 0x766F0000 0x14000 C:\WINDOWS\system32\NTDSAPI.DLL USERENV.dll 0x76920000 0xC2000 C:\WINDOWS\system32\USERENV.dll ATL.DLL 0x76A80000 0x18000 C:\WINDOWS\system32\ATL.DLL WINMM.dll 0x76AA0000 0x2D000 C:\WINDOWS\system32\WINMM.dll sfc.dll 0x76B10000 0x5000 C:\WINDOWS\system32\sfc.dll SHSVCS.dll 0x76B40000 0x23000 C:\WINDOWS\system32\SHSVCS.dll PSAPI.DLL 0x76B70000 0xB000 C:\WINDOWS\system32\PSAPI.DLL credui.dll 0x76B80000 0x2E000 C:\WINDOWS\system32\credui.dll WINTRUST.dll 0x76BB0000 0x2B000 C:\WINDOWS\system32\WINTRUST.dll sfc_os.dll 0x76BE0000 0x2B000 C:\WINDOWS\system32\sfc_os.dll imagehlp.dll 0x76C10000 0x28000 C:\WINDOWS\system32\imagehlp.dll MPRAPI.dll 0x76CD0000 0x19000 C:\WINDOWS\system32\MPRAPI.dll iphlpapi.dll 0x76CF0000 0x1A000 C:\WINDOWS\system32\iphlpapi.dll adsldpc.dll 0x76DC0000 0x28000 C:\WINDOWS\system32\adsldpc.dll ACTIVEDS.dll 0x76DF0000 0x34000 C:\WINDOWS\system32\ACTIVEDS.dll rtutils.dll 0x76E30000 0xC000 C:\WINDOWS\system32\rtutils.dll DNSAPI.dll 0x76ED0000 0x2A000 C:\WINDOWS\system32\DNSAPI.dll WTSAPI32.dll 0x76F00000 0x8000 C:\WINDOWS\system32\WTSAPI32.dll WLDAP32.dll 0x76F10000 0x2E000 C:\WINDOWS\system32\WLDAP32.dll Secur32.dll 0x76F50000 0x13000 C:\WINDOWS\system32\Secur32.dll winrnr.dll 0x76F70000 0x7000 C:\WINDOWS\System32\winrnr.dll rasadhlp.dll 0x76F80000 0x5000 C:\WINDOWS\system32\rasadhlp.dll COMRes.dll 0x77010000 0xC6000 C:\WINDOWS\system32\COMRes.dll SETUPAPI.dll 0x770E0000 0x108000 C:\WINDOWS\system32\SETUPAPI.dll WINSTA.dll 0x771F0000 0x11000 C:\WINDOWS\system32\WINSTA.dll USER32.dll 0x77380000 0x91000 C:\WINDOWS\system32\USER32.dll Comctl32.dll 0x77420000 0x103000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\Comctl32.dll COMCTL32.dll 0x77530000 0x97000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll ole32.dll 0x77670000 0x139000 C:\WINDOWS\system32\ole32.dll CLBCatQ.DLL 0x777B0000 0x83000 C:\WINDOWS\system32\CLBCatQ.DLL REGAPI.dll 0x77910000 0x11000 C:\WINDOWS\system32\REGAPI.dll VERSION.dll 0x77B90000 0x8000 C:\WINDOWS\system32\VERSION.dll msvcrt.dll 0x77BA0000 0x5A000 C:\WINDOWS\system32\msvcrt.dll GDI32.dll 0x77C00000 0x48000 C:\WINDOWS\system32\GDI32.dll RPCRT4.dll 0x77C50000 0x9F000 C:\WINDOWS\system32\RPCRT4.dll OLEAUT32.dll 0x77D00000 0x8B000 C:\WINDOWS\system32\OLEAUT32.dll SHLWAPI.dll 0x77DA0000 0x52000 C:\WINDOWS\system32\SHLWAPI.dll NTMARTA.DLL 0x77E00000 0x21000 C:\WINDOWS\system32\NTMARTA.DLL kernel32.dll 0x77E40000 0x102000 C:\WINDOWS\system32\kernel32.dll ADVAPI32.dll 0x77F50000 0x9B000 C:\WINDOWS\system32\ADVAPI32.dll ntdll.dll 0x7C800000 0xC0000 C:\WINDOWS\system32\ntdll.dll shell32.dll 0x7C8D0000 0x7FF000 C:\WINDOWS\system32\shell32.dll SAMLIB.dll 0x7E020000 0xF000 C:\WINDOWS\system32\SAMLIB.dll The Event: ======= Sequence: 555880 Date & Time: 05.09.2008 10:08:40 Event Class: File System Operation: SetBasicInformationFile Result: SUCCESS Path: C:\Documents and Settings\%username%\Application Data\<path to folder> TID: 34504 Duration: 0.0000461 CreationTime: 01.01.1601 02:00:00 LastAccessTime: 01.01.1601 02:00:00 LastWriteTime: 01.01.1601 02:00:00 ChangeTime: 01.01.1601 02:00:00 FileAttributes: RN
  2. hovelsj
    We have a problem with roaming profiles copied during logon. We experience that winlogon.exe copies files and folders from the profile-share and sets the "Read-Only"-attribute on the folders through the "SetBasicInformationFile"-operation. An application we use checks for this attribute and quits if found. If we copy files from the profile-share manually from a logged in session, the attribute is not set. The share is on Samba (version 3.0.21b). The Archive-attribute is set on the files on the share. Why does winlogon.exe set the "Read-Only"-attribute ® at logon? Any input is appreciated
×
×
  • Create New...