Enforce logon

Hi,
We ran a Perl program via Discoverer Viewer to generate a report. Once the report is generated, other users can view this report by simply copying the URL and pasting it into their browser (basically copying the whole line from the address bar), and they can see the report without having to log on to Discoverer Viewer.
The url is in the format of
https://server.domain/cgi-bin/folder/program.pl?report=abc&userlogon=user
Is there any configuration on the Oracle AS side or Discoverer side to enforce a MUST LOGON in order to execute a program or view an already generated report?

Hi,
with session timeout I mean: the lifetime of a portal session.
When your current security policy is set to a 30 minute limit for locking the session and you want to trim it down to 5 minutes mainly because of the ESS/MSS log-in requirement, you should also consider lowering the session timeout to a similar value.
It doesn't make sense to set an automatic timeout of 5 minutes to the workstation, when the lockout is set to 8h in the portal.
A user can hijack the computer after 4 min 59 sec. When the timeout of the portal session is set to 8h, he can still access the ESS/MSS data. If the timeout of these is set to <5 minutes (consider the thinking time of ESS/MSS), the hijacker / hacker can't gain access to the ESS/MSS in the portal.
But this will only work when your users don't write their passwords down and pin them next to the computer.
BTW: smartcards and thin clients will resolve almost all of your security concerns. I think the portal also supports smartcard authentication (not sure).
br,
Tobias

Similar Messages

  • Having trouble getting "Set action to take when logon hours expire" to work - Windows Server 2012

    I have a Windows Server 2012 server that allows remote desktop users (sessions are hosted on the server itself). I'm trying to enforce logon hours for these remote desktop users.
    I have specified logon hours for a user and confirmed that they work--they aren't allowed to logon when logon hours are disabled. However, they are allowed to continue a session past their logon hours limit if they are already signed in (which is fine, this is the default behavior).
    However, when I try to use the `Set action to take when logon hours expire` option (`User Configuration/Administrative Templates/Windows Components/Windows Logon Options/Set action to take when logon hours expire`), and set the behavior to "Logoff",
    nothing happens--the user can continue their session happily. I've tried applying this policy both for the user's group and for the local computer. I've run `gpresult` for the user and confirmed that the policy is apparently in place.
    I also naively tried the "Force logoff when logon hours expire" option, but that apparently doesn't apply to interactive logins (confusing!).
    Am I misapplying this setting, or do I need to take some other steps to get it to work? I'd be grateful for any input. Thanks!

    Hi,
    Sorry for the late response.
    We can log off and log on again to see whether the setting gets applied.
    According to the "Policy Settings that require a reboot or logon" section in the following article, this setting needs a logon.
    Deploying Group Policy Using Windows Vista
    http://technet.microsoft.com/en-us/library/cc766208(v=WS.10).aspx
    Best regards,
    Frank Shen

  • Secured Internal Network (ASA 5510)

    We have an internal subnet (Secured Server LAN) that requires network authorization. This subnet contains a separate AD forest with the servers as members of the domain. The Windows XP clients that access these resources are also members of the secure AD forest but are connected to the corporate LAN. We would want to configure RSA SecureID to provide two-factor authentication for the users. Can the ASA 5510 provide network authorization prior to attempting to login to Active Directory without configuring SSL VPN? Please see attachment...

    You can configure authorization on your ASA device before accessing AD. The URL below presents example procedures for configuring authentication and authorization on the security appliance using the Microsoft Active Directory server. It includes the following use cases:
    •User-Based Attributes Policy Enforcement
    •Placing LDAP users in a specific Group-Policy
    •Enforcing Static IP Address Assignment for AnyConnect Tunnels
    •Enforcing Dial-in Allow or Deny Access
    •Enforcing Logon Hours and Time-of-Day Rules
    http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/extsvr.html#wp1572118

  • Slow boot with SSD

    I have a Corsair Force 180g SSD (SATA3) in a MBP15, with the 2.2 i7 and 8g ram.  Boot time seems long for a SSD.  From button-on to Apple logo takes 35 seconds.  After the logo, it's less than 15 seconds to my desktop, which includes an enforced logon process.  I'm ok with the <15 sec, and apps really run fast now, but the slow POST is concerning me.  I can't find anything on a fast boot setting, etc... I understand the MBP uses SATA2.. is it possible I have a SATA3 - SATA2 issue that's slowing down the POST?

    My SysPref refers to a Start-up disk only; I assume the Volume is assumed.  Only this SSD is listed and selected.  Below is the list of properties.  Is the Disk ID and maybe even the name an issue?  Should it be disk0s1?  The drive was built while attached to another machine.. it's a long story as to why I had to do that...  Is it possible the system is looking for the first drive and eventually falling back to this drive?  I would think that being the target boot disk in SysPref would deal with this....
    Disk Identifier :           disk0s2
              Mount Point :           /
              System Name :           Mac OS X
              System Version :           10.7.2
              System Build :           11C74
              System Copyright :           1983-2011 Apple Inc.
              File System :           Mac OS Extended (Journaled)
              Connection Bus :           SATA
              Device Tree :           IODeviceTree:/PCI0@0/SATA@1F,2/PRT0@0/PMP@0
              Writable :           Yes
              Universal Unique Identifier :           1B6F86E0-2BF2-34A3-9F1B-E67DED66C86F
              Capacity :           179.19 GB (179,186,008,064 Bytes)
              Free Space :           124.16 GB (124,158,898,176 Bytes)
              Used :           55.03 GB (55,027,109,888 Bytes)
              Number of Files :           428,517
              Number of Folders :           97,889
              Owners Enabled :           Yes
              Can Turn Owners Off :           Yes
              Can Repair Permissions :           Yes
              Can Be Verified :           Yes
              Can Be Repaired :           Yes
              Can Be Formatted :           Yes
              Bootable :           Yes
              Supports Journaling :           Yes
              Journaled :           Yes
              Disk Number :           0
              Partition Number :           2

  • SqlException was caught: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

    Hi,
    I have deployed an On-Premise SharePoint solution with event receiver to update external SQLDB.  I'm using Visual Studio 2013 to create a SharePoint 2013 project on the same machine where SharePoint 2013 server is running.  I was able to create new items, but unable to update/delete.  My events were fired accordingly, however they got choked on sqlConnectionlOpen() when attempting to update/delete with the following exception:
    SqlException was caught: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
    Why would SharePoint use the SharePoint web application account my admin created to create, and assume the NT AUTHORITY\ANONYMOUS LOGON account for update/delete?  Any idea how to fix?
    Appreciate your help.

    I'm new to SharePoint development.  I'm not familiar with the SharePoint object model.  Do I need to use it for working with external data?  I used an SPSecurity.RunWithElevatedPrivileges block like you have suggested and it is now working fine for both update/delete =)
    My project is to develop a SharePoint site to work off an external SQL DB.  I tried the BCS approach to work with external data but that didn't allow the workflow/task feature.
    Besides, there is no delete event where I can manually sync with external data when an item gets deleted when using SharePoint 2013 Designer.  So using an event receiver with a SharePoint solution in VS2013 is the solution.  Now that I am able to propagate changes to the external data store on item events, the new challenge is how do I overcome SharePoint deployment conflict resolution (default? enforcement?) as each publish automatically deletes existing items in my lists and recreates them? In other words, I'm trying to replicate the SharePoint list to the external data store on each transaction to keep them in sync.  Any thought would be greatly appreciated.

  • How to make "check for multiple logons" mandatory in webdynpro application.

    Hi SDN members,
    I'm having a problem with an application developed in webdynpro abap.
    We require that the end-user only has one session per computer (ip address).
    I already tried to achieve this by configuring the webdynpro application through SICF and going to Error Pages -> Logon Errors --> System Logon and marking the checkbox Check for multiple logons.
    This configuration gives only a warning when the user logs on multiple times, and shows a checkbox letting the user decide to end or not the previous sessions.
    How to make ending previous sessions mandatory?
    Regards,
    Franklin Cedillo

    You would have to enforce this at the application level. You can get the IP address of the current client from the framework - IF_WD_APPLICATION method GET_REMOTE_ADDRESS.
    You could write an entry with the IP address into a temporary table during WDDOINIT.  You could clear the entry in the WDDOEXIT.  Also during the WDDOINIT, check to see if there is already an entry for this IP address.  If so, then fire an exit navigation plug to a static MIME object or BSP page that explains why the user can only be logged in once.

  • Two policies which one is enforced

    Win7 64 bit using 11.2.3a pushing policies via Zen. I have a policy that is
    restrictive assigned to a folder that generic login for students live in. I
    have a unique login for a user that I directly assigned a less restrictive
    admin policy to that is in the same folder. These users live in eDirectory.
    when checking the properties of ZCM under policies both the restrictive and
    less restrictive both show success. Unfortunately the more restrictive
    policy that the user is inheriting from the folder level is what is being
    enforced. My question is does a more restrictive inherited policy have
    precedence over a directly assigned less restrictive policy? Is this proper
    behavior?

    Thanks. That’s probably the issue. The admin policy is an open policy that
    probably as you say is not expressly enabling the disabled features that the
    restrictive policy is closing. I'll check it out. Thanks.
    "CRAIGDWILSON" wrote in message
    news:Qopev.1828$[email protected] .com...
    Make sure the Less Restrictive Policy Explicitly Removes any Restrictions.
    "Unset" is the default and will not over-ride a previous Enable or Disable.
    You need to Explicitly set it to "Enable or Disable" to override.
    Alternately, if this is a user assigned policy, you could set a system
    requirement such as "Logon Name" <> "HelpDesk", then the restrictive
    policy would not apply in the 1st place.
    However, for schools I generally would prefer a Student Accessible
    device be locked down by default, and then unlocked via a policy that
    grants rights. Just too many hackers who can figure out how to
    interrupt the policy application process when a device is unlocked by
    default.
    On 5/19/2014 9:58 AM, CCPS wrote:
    > Win7 64 bit using 11.2.3a pushing policies via Zen. I have a policy that
    > is restrictive assigned to a folder that generic login for students live
    > in. I have a unique login for a user that I directly assigned a less
    > restrictive admin policy to that is in the same folder. These users live
    > in eDirectory. when checking the properties of ZCM under policies both
    > the restrictive and less restrictive both show success. Unfortunately
    > the more restrictive policy that the user is inheriting from the folder
    > level is what is being enforced. My question is does a more restrictive
    > inherited policy have precedence over a directly assigned less
    > restrictive policy? Is this proper behavior?
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Technical Support Engineer
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.

  • Waiting for user logon...

    Hi,
    we're currently experiencing issues with random applications refusing to install with the message 'Waiting for user logon'. I'm seeing this in Software Center so obviously someone is logged on. It doesn't seem to matter if I'm logged in via RDP or directly on the pc. I've gone through the basics with the deployment monitoring tool and skimmed through some logs but nothing jumps out.
    I have to admit, I don't know a lot about sccm 2012 as it's no longer my area so my experience and training is mostly limited to sms / sccm 2007. I do know that the current guys running know very little and anything that doesn't work is a "known microsoft issue" - only they can never point you to a KB. I now work mostly in remediation of legacy apps to win 7 / x64 but being as it's not installing it's considered broken so naturally it has become my problem.
    Any help with this would be greatly appreciated!

    I attempted a CCMRepair on this client, and it didn't make a difference. I haven't yet uninstalled and reinstalled the client completely.
    The CcmExec log shows (every time user logs in), that there's a login detected, and it shows it on session 2:
    Registering for Logon/Logoff notifications.
    Found user S-1-5-21-4083790691-3944967354-608316658-65900 on session 2
    Added CCM (user, session) is: (S-1-5-21-4083790691-3944967354-608316658-65900,2).
    No cached user during RegisterForLogon.
    New CCM (user, session) is: (S-1-5-21-4083790691-3944967354-608316658-65900,2).
    User 'S-1-5-21-4083790691-3944967354-608316658-65900' is logged on to session 2 during RegisterForLogon.
    Watching the other sccm logs as it attempts to install this application that's currently Waiting for User Logon, it essentially does this several times a second for a while. This is 10 minutes after the login log noted above. It is showing the correct user SID, but no session (-1). The logs were merged chronologically, and the log is noted at the end of each line where it came from.
    State message(State ID : 2002) with TopicType 1702 and TopicId MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25/5 has been recorded for S-1-5-21-4083790691-3944967354-608316658-65900
    StateMessage
    The target instance path is CCM_Application.Id="MyVendorId/Application_4a14ecbe-f411-41a6-b096-d0625d462d25",Revision="5",IsMachineTarget=0
    CCMSDKProviderRaising client SDK event for class CCM_Application, instance CCM_Application.Id="MyVendorId/Application_4a14ecbe-f411-41a6-b096-d0625d462d25",Revision="5",IsMachineTarget=0,
    actionType 23l, value , user S-1-5-21-4083790691-3944967354-608316658-65900, session 4294967295l, level 0l, verbosity 30l
    CIAgentState message with TopicType 1702 and TopicId MyVendorId/Application_4a14ecbe-f411-41a6-b096-d0625d462d25/5 has been updated
    StateMessage
    The action type is 23
    CCMSDKProvider
    The user SID is S-1-5-21-4083790691-3944967354-608316658-65900
    CCMSDKProviderThe logon session ID is -1
    CCMSDKProvider
    The message level is 0
    CCMSDKProvider
    The verbosity is 30
    CCMSDKProvider
    The value is
    CCMSDKProviderJob({E9FD9460-DC59-434D-9661-45C96253174E}): Setting
    priority to 5 : Task(MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25.5.Enforce)
    CIAgent
    CCIStateStore::SendStateMessages - ModelName: MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25, Version:5 UserID:S-1-5-21-4083790691-3944967354-608316658-65900, Priority: 5
    CIStateStore
    CIStateStore
    An existing CI state is changed
    CIStateStore
    [MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25:5] CIEnforceState changed: Enforcing --> WaitingForUserLogon
    CIStateStore
    [MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25:5] AreDetailsUpdated: No
    CIStateStore
    CIStateStore
    GetAllInstances - 1302 instance(s) of 'CCM_StateMsg' found
    StateMessageProvider
    State message with TopicType 1701 and TopicId MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25/5 has been updated
    StateMessageGetAllInstances - 1302 instance(s) of 'CCM_StateMsg' found
    StateMessageProvider
    Job({2C94A554-48CE-4CB6-9B70-6AC79B8A6B58}): Already Completed : Task(MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25.5.Enforce)
    CIAgentCCIStateStore::SendStateMessages - ModelName: MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25,
    Version:5 UserID:S-1-5-21-4083790691-3944967354-608316658-65900, Priority: 5
    CIStateStore
    CIStateStore
    An existing CI state is changed
    CIStateStore[MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25:5]
    CIEnforceState changed: WaitingForUserLogon --> Enforcing
    CIStateStore[MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25:5]
    AreDetailsUpdated: No
    CIStateStore

  • Logout/logon for password change

    Hello,
    We have an old 6i form in which we allowed the user to change his/her password and the form then did a logout followed by a login with the new credentials. This seems to fail on 9i/10g, however. Have any new rules been enforced regarding this?
    Thanks in advance,
    -Nik

    Nicklas,
    the default Forms behavior is to show a logon screen to renew the expired password in case the used one isn't valid anymore.
    The online help doesn't describe how to renew passwords because this is nothing Forms provides natively. All that Forms provides is a logon built-in and a logout built-in.
    I did a test in SQL*PLUS with
    alter user Scott identified by tiger2;
    to change the user password while being connected. Though I changed the password, the session still was active and I did not have to re-authenticate. I guess the same is true from Forms. If, e.g., you call a database program unit that executes this command then you shouldn't have to logout/logon in Forms. The next time you connect you have to use the new user password though.
    One reason to use the password expiry and have Forms renewing the password is if you use Single Sign-On in Forms10g, because in this case Forms also updates the RAD entry in OID.
    Frank

  • PEAP with Windows logon to domain

    Hello everybody,
    We are looking for a document about how to setup PEAP with Windows logon to domain that it also has logon script or group policy enforcement from the domain controller machine.
    We have seen the following topic but we could not access the example implementation document that he recommended (replied by verdann)
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Security%20and%20Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.eead8c5
    We are using a wireless LAN controller with lightweight access points. Could anyone please advise us?
    Thanks in advance,
    Nitass

    Hi,
    I recommend the following 2 documents for PEAP configuration with a whole Microsoft environment. The first one is to get PEAP running very simply, the second one adds group policies etc.
    http://www.microsoft.com/downloads/details.aspx?FamilyID=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&DisplayLang=en
    http://www.microsoft.com/downloads/info.aspx?na=47&p=3&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&u=details.aspx%3ffamilyid%3d269902E8-FC41-4EB1-9374-44612E64F0FB%26displaylang%3den

  • GP logon script with PowerShell

    We have a Windows Server 2012 domain and would like to create a GP logon script with PowerShell.
    So if you execute the .ps1 file, the specified logon script settings (including parameters) would be applied automatically in the GP.
    Any idea of such command line?

    Thanks for the tips!
    May not be the easiest solution, but it works:
    I created a backup of the GPO, set up fully through the graphical interface, and I've copied the ps1 file into the same folder.
    #Start
    #Create GPO
    $gponame = "Program_AutoStart"
    Write-Host ""
    $ou = Read-Host "What is your Organisational Unit name?"
    Write-Host ""
    $enforce = Read-Host "Do you want enforce Group Policy link? (Yes/No)"
    $dc1 = $env:userdnsdomain
    $dc1length = $env:userdnsdomain.Length
    $dc1s = $env:userdnsdomain.Split(".")
    $dc1count = $dc1s[$dc1s.Count-1].Length+1
    $dc1max = $dc1length-$dc1count
    $dc1 = $dc1.Substring(0,$dc1max)
    $dc2 = $env:userdnsdomain.Split(".")
    $dc2 = $dc2[$dc2.Count-1]
    Write-Host ""
    Write-Host -Object "Create a new Group Policy Object..."
    #replace GPO settings
    ##backup.xml file
    $backupFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\Backup.xml"
    $content = Get-Content -path $backupFilePath
    $content | foreach { $_.Replace("mydomainname","$env:userdnsdomain") } | Set-Content $backupFilePath
    $content = Get-Content -path $backupFilePath
    $content | foreach { $_.Replace("mycomputername","$env:COMPUTERNAME") } | Set-Content $backupFilePath
    $content = Get-Content -path $backupFilePath
    $content | foreach { $_.Replace("mynetbiosname","$env:userdomain") } | Set-Content $backupFilePath
    ##bkupinfo.xml file
    $bkupinfoFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\bkupinfo.xml"
    $content = Get-Content -path $bkupinfoFilePath
    $content | foreach { $_.Replace("mydomainname","$env:userdnsdomain") } | Set-Content $bkupinfoFilePath
    $content = Get-Content -path $bkupinfoFilePath
    $content | foreach { $_.Replace("mycomputername","$env:COMPUTERNAME") } | Set-Content $bkupinfoFilePath
    $content = Get-Content -path $bkupinfoFilePath
    $content | foreach { $_.Replace("mynetbiosname","$env:userdomain") } | Set-Content $bkupinfoFilePath
    ##gpreport.xml file
    $gpreportFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\gpreport.xml"
    # $share is not assigned anywhere in this script; set it to the share name before this line
    $programexe = "$env:logonserver\$share\My_Program\program.exe"
    $content = Get-Content -path $gpreportFilePath
    $content | foreach { $_.Replace("mycommand","$programexe") } | Set-Content $gpreportFilePath
    Write-Host ""
    $parameters = Read-Host "Add your parameters"
    $content = Get-Content -path $gpreportFilePath
    $content | foreach { $_.Replace("myparameters","$parameters") } | Set-Content $gpreportFilePath
    ##scripts.ini file
    # scripts.ini gets its own variable so that $gpreportFilePath still points at gpreport.xml for the undo step
    $scriptsIniFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\DomainSysvol\GPO\User\Scripts\scripts.ini"
    $content = Get-Content -path $scriptsIniFilePath
    $content | foreach { $_.Replace("mycommand","$programexe") } | Set-Content $scriptsIniFilePath
    $content = Get-Content -path $scriptsIniFilePath
    $content | foreach { $_.Replace("myparameters","$parameters") } | Set-Content $scriptsIniFilePath
    #Import GPO and link
    Write-Host ""
    Write-Host -Object "Import Group Policy settings..."
    Import-GPO -BackupGpoName "$gponame" -TargetName "$gponame" -Path ".\backup" -CreateIfNeeded
    New-GPLink -Name "$gponame" -target "ou=$ou,dc=$dc1,dc=$dc2" -Enforced $enforce -LinkEnabled Yes
    #Replace undo
    ##backup.xml file
    $content = Get-Content -path $backupFilePath
    $content | foreach { $_.Replace("$env:userdnsdomain","mydomainname") } | Set-Content $backupFilePath
    $content = Get-Content -path $backupFilePath
    $content | foreach { $_.Replace("$env:COMPUTERNAME","mycomputername") } | Set-Content $backupFilePath
    $content = Get-Content -path $backupFilePath
    $content | foreach { $_.Replace("$env:userdomain","mynetbiosname") } | Set-Content $backupFilePath
    ##bkupinfo.xml file
    $content = Get-Content -path $bkupinfoFilePath
    $content | foreach { $_.Replace("$env:userdnsdomain","mydomainname") } | Set-Content $bkupinfoFilePath
    $content = Get-Content -path $bkupinfoFilePath
    $content | foreach { $_.Replace("$env:COMPUTERNAME","mycomputername") } | Set-Content $bkupinfoFilePath
    $content = Get-Content -path $bkupinfoFilePath
    $content | foreach { $_.Replace("$env:userdomain","mynetbiosname") } | Set-Content $bkupinfoFilePath
    ##gpreport.xml file
    $content = Get-Content -path $gpreportFilePath
    $content | foreach { $_.Replace("$programexe","mycommand") } | Set-Content $gpreportFilePath
    $content = Get-Content -path $gpreportFilePath
    $content | foreach { $_.Replace("$parameters","myparameters") } | Set-Content $gpreportFilePath
    ##scripts.ini file
    $content = Get-Content -path $scriptsIniFilePath
    $content | foreach { $_.Replace("$programexe","mycommand") } | Set-Content $scriptsIniFilePath
    $content = Get-Content -path $scriptsIniFilePath
    $content | foreach { $_.Replace("$parameters","myparameters") } | Set-Content $scriptsIniFilePath
    #End

  • Windows 2008 Terminal Server "user must change password at next logon" problem with Windows 7 client.

    Hi,
    I have a fully patched Windows 2008 SP2 Terminal Server and a fully patched Windows 7 client.
    I have logged into the Windows 2008 SP2 Terminal Server server with a test account via RDC before.
    When I try to log in via RDC to the 2008 TS with a test account which has been marked with the setting "User must change password at next logon" I get the RDC message "You must change your password before logging on the first time.  For assistance, contact your system administrator or technical support."  I need to force the user to change their password once it has been issued, any ideas on how this can be done?
    Thanks,
    Dan

    This does not resolve my issue all the way. I'm having the same problem; when I'm "deploying" users, I always want the users to set their own passwords. Ok, so I then set the auth mode to "RDP Security layer". It seemed to work fine, and it does for that special purpose.
    Just like Daniel, my clients are connecting to our terminal server from several/different "customer-domains" So, they can't logon locally(on their local computer) and change their password, it has to be done THROUGH the terminal server.
    But if I turn on RDP Security Layer, users can't use remoteapp through tsgw they only get: "Your Remote Desktop Connection Failed because the remote computer cannot be authenticated" Any ideas?
    Also, our terminal servers are round robin based in a farm. So users connect to: tsfarm.domain.com (yes, a public A record which resolves to two internal addresses). This is because we're using a wildcard *.domain.com as SSL certificate.
    But, when I'm using this, our clients sometimes get double auth when they login. I only get the double auth when tsfarm.domain.com resolves to server A, but the session broker wants the user to be on server B (load balancing).
    This does not occur when SSL is enforced, any ideas?

  • Remote Desktop Connection Crashes after Interactive Logon

    We have a GP on our domain with an interactive logon set. When using RDConnection to logon to a Win10 10074 machine on the domain, as soon as I click the OK button to get past the interactive logon the RDC crashes and I am back to my desktop. If I take that Win10 off of the domain and remove the interactive logon, I can use RDC like normal. Interactive logon is an enforced top level domain policy. It was fine in build 10041.
    FYI? Suggestions? TY
    (I updated a second Win10 to 10074 and the same thing is happening.)

    I found the answer here.
    http://community.spiceworks.com/topic/926475-unable-to-rdp-to-windows-10-machine-after-latest-build-10074
    Joey Kobra, Apr 30, 2015 at 1:58 PM
    This is probably due to the new LogonUI. Verify on the Event Manager if it's failing. If that's your issue then try this in REGEDIT:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\TestHooks
    change Threshold from 1 to 0
    This should revert back to the old login screen.

  • Activating Security Policy at Portal Logon Page

    Hi @ll,
    I'm not able to activate the password security policy check at the portal logon page. For this purpose, I have already checked the Enforce Password Security Policy at Logon (System Administration->System Configuration->UME Configuration->Security Policy) and restarted the server too. But it fails to appear on the logon page.
    Please suggest how I can resolve this problem.
    Thanks
    Gautam Singh

    Hi Gautam Singh,
    You say you are customizing the portal logon screen. Are you doing a simple modification by just changing UME properties as described in [Logon Screen Customization|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/43/fc3ae22adb025fe10000000a1553f7/frameset.htm] or are you actually changing .par files and creating your own logon application?
    Are you using config tool, the user management configuration Web Dynpro UI, or visual admin  to change the properties?
    Have you assigned the UME actions Logon_Help and Selfregister_User to the Anonymous Users group?
    -Michael

  • Enforce using service name

    Naturally, it's not needed to use listener service to establish the new connection to database server.
    I am trying to configure the Oracle database server in such a way that it enforces each connection to use a service name. Logging each connection in the listener log is the main objective for the configuration.
    Let's consider the following alternatives to establish the connection to the database server:
    #1. [oracle@server folder]$sqlplus user/pwd@IP:port/sid (connecting to remote database server)
    #2. [oracle@server folder]$sqlplus user/pwd@SID (connecting locally)
    #3. Connecting to database server via link server
    #4. [oracle@server folder]$sqlplus user/pwd@(.............connection description...........) connecting via jdbc thin client.
    #5. [oracle@server folder]$sqlplus / as sysdba (connecting locally)
    #6. [oracle@server folder]$sqlplus user/pwd (connecting locally)
    #5 and #6 don't use the listener for the database connection but the listener is needed for #1 to #4.
    Could you please suggest how to configure it to enforce using the listener so that all the connections will be logged to the listener log?
    I want to apply this approach in standalone and RAC environment.
    Thanks in advance.
    Suresh

    Hi Suresh,
    You can force that via Logon Trigger at database level by putting the condition you like on UserENV using Sys_context.
    Just for example, when you are connected using listener/Net8, Userenv will have the protocol and IP address, even though it's coming from the same machine as the db server. You can always validate in the logon trigger who can or can't connect.
    Test1 : connect using NET8
    [oracle1@gridcluster03 ~]$ sqlplus sys@DB as sysdba
    SQL*Plus: Release 11.1.0.7.0 - Production on Fri Dec 18 15:49:57 2009
    Copyright (c) 1982, 2008, Oracle. All rights reserved.
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, Real Application Clusters, OLAP, Data Mining
    and Real Application Testing options
    SELECT sys_context('USERENV', 'IP_ADDRESS') "IP_ADDRESS", sys_context('USERENV', 'NETWORK_PROTOCOL') "PROTOCOL" from dual ;
    IP_ADDRESS PROTOCOL
    10.10.12.3 tcp
    TEST2 : Connect Locally :
    [oracle1@gridcluster03 ~]$ sqlplus "/ as sysdba"
    SQL*Plus: Release 11.1.0.7.0 - Production on Fri Dec 18 15:43:48 2009
    Copyright (c) 1982, 2008, Oracle. All rights reserved.
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, Real Application Clusters, OLAP, Data Mining
    and Real Application Testing options
    SQL> column "IP_ADDRESS" format a20
    column "PROTOCOL" format a20SQL>
    SQL> SELECT sys_context('USERENV', 'IP_ADDRESS') "IP_ADDRESS", sys_context('USERENV', 'NETWORK_PROTOCOL') "PROTOCOL" from dual ;
    IP_ADDRESS PROTOCOL
    When connecting locally no information passed to environment.
    =========================
    Hope this is useful and answers your question.
    Regards
    Krishan JAglan
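
    A logon trigger along the lines Krishan describes, as an added example that is not code from the thread: it records each session's `USERENV` values and rejects sessions that did not arrive over the network through the listener. The table name, trigger name and error number are hypothetical, and treating `beq` as a local connection is an assumption for releases that report the bequeath protocol instead of the empty value shown in TEST2.

```sql
-- Added example, not from the thread. LOGON_AUDIT and TRG_REQUIRE_LISTENER
-- are hypothetical names. Create both in one schema whose owner holds the
-- ADMINISTER DATABASE TRIGGER privilege.

CREATE TABLE logon_audit (
  logon_time   TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  db_user      VARCHAR2(256),
  os_user      VARCHAR2(256),
  client_host  VARCHAR2(256),
  ip_address   VARCHAR2(256),
  protocol     VARCHAR2(256),
  service_name VARCHAR2(256),
  verdict      VARCHAR2(8)
);

CREATE OR REPLACE TRIGGER trg_require_listener
AFTER LOGON ON DATABASE
DECLARE
  -- Autonomous transaction: the audit row must survive the error raised
  -- below, which would otherwise discard it together with the session.
  PRAGMA AUTONOMOUS_TRANSACTION;
  v_protocol VARCHAR2(256) := SYS_CONTEXT('USERENV', 'NETWORK_PROTOCOL');
  v_verdict  VARCHAR2(8);
BEGIN
  -- TEST2 in the thread shows an empty protocol for a local connection.
  -- Assumption: 'beq' is also treated as local, for releases that report it.
  IF v_protocol IS NULL OR LOWER(v_protocol) = 'beq' THEN
    v_verdict := 'REJECT';
  ELSE
    v_verdict := 'ALLOW';
  END IF;

  INSERT INTO logon_audit
    (db_user, os_user, client_host, ip_address, protocol, service_name, verdict)
  VALUES
    (SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'HOST'),
     SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
     v_protocol,
     SYS_CONTEXT('USERENV', 'SERVICE_NAME'),
     v_verdict);
  COMMIT;

  IF v_verdict = 'REJECT' THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Local connections are not permitted; connect through the listener.');
  END IF;
END;
/

-- Review which sessions were turned away and where they came from.
SELECT logon_time, db_user, os_user, client_host, protocol
FROM   logon_audit
WHERE  verdict = 'REJECT'
ORDER  BY logon_time DESC;
```

    Accounts that hold the ADMINISTER DATABASE TRIGGER privilege can still log on when the trigger raises, so a recovery path stays open but those accounts are not forced through the listener. Test the trigger on a non-production instance first, because an error inside a logon trigger blocks every other account.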
