Is there an application to monitor users who log into Windows Server 2012 R2?

Similar Messages

• List of users who logged into database

  Hi All.
  I want to know the list of users who logged in to database and the list of users for whom the password authentication is failed.
  I think we can get the logged in users information from v$session but i am trying to find the users list who failed to log in to the database with password authentication failure.
  Please help me...
  Thanks & Regards,
  Rajesh Amathi

  Hi,
  I suggest use trigger on system logon event. This is for general situation.
  Ex:
  create table user_log
  user_id varchar2(30),
  session_id number(8),
  host varchar2(30),
  last_program varchar2(48),
  last_action varchar2(32),
  last_module varchar2(32),
  logon_day date,
  logon_time varchar2(10),
  logoff_day date,
  logoff_time varchar2(10),
  elapsed_minutes number(8)
  create or replace trigger logon_audit_trigger
  AFTER LOGON ON DATABASE
  BEGIN
  insert into user_log values(
  user,
  sys_context('USERENV','SESSIONID'),
  sys_context('USERENV','HOST'),
  null,
  null,
  null,
  sysdate,
  to_char(sysdate, 'hh24:mi:ss'),
  null,
  null,
  null
  END;
  For unsuccessful logons:
  CREATE TABLE connection_audit (login_date DATE, user_name VARCHAR2(30));
  -- trigger to trap unsuccessful logons
  CREATE OR REPLACE TRIGGER logon_failures
  AFTER SERVERERROR
  ON DATABASE
  BEGIN
  IF (IS_SERVERERROR(1017)) THEN
  INSERT INTO connection_audit (login_date, user_name) VALUES(SYSDATE, 'ORA-1017');
  END IF;
  END logon_failures;
  Please refer for more several combination: http://psoug.org/reference/system_trigger.html
  Edited by: Ulfet Tanriverdiyev on Jul 7, 2010 10:49 PM

• Having problem with svchost.exe/ntdll.dll errors causing GPSVC (Group Policy Client) to crash preventing users from logging into the server.

  Recently (within the past 2 weeks) I have noticed a few of our servers will have problems with the svchost.exe application causing the GPSVC (Group Policy Client) to crash. The only fix at that point is to reboot the server since the GPSVC service is tied
  to svchost.exe and therefore is protected from being manually restarted.
  I noticed the following errors when this occurs:
  Log Name:      Application
  Source:        Application Error
  Date:          7/23/2013 4:35:26 AM
  Event ID:      1000
  Task Category: (100)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      Server1.xxx.xxx.net
  Description:
  Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
  Exception code: 0xc0000024
  Fault offset: 0x00000000000cd7d8
  Faulting process id: 0x46c
  Faulting application start time: 0x01ce877f9476ac07
  Faulting application path: C:\Windows\system32\svchost.exe
  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
  Report Id: d252d26d-f372-11e2-8ad4-005056ac00e8
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-07-23T08:35:26.000000000Z" />
      <EventRecordID>158950</EventRecordID>
      <Channel>Application</Channel>
      <Computer>AAW19XM2.agency.nwie.net</Computer>
      <Security />
    </System>
    <EventData>
      <Data>svchost.exe</Data>
      <Data>6.1.7600.16385</Data>
      <Data>4a5bc3c1</Data>
      <Data>ntdll.dll</Data>
      <Data>6.1.7601.17725</Data>
      <Data>4ec4aa8e</Data>
      <Data>c0000024</Data>
      <Data>00000000000cd7d8</Data>
      <Data>46c</Data>
      <Data>01ce877f9476ac07</Data>
      <Data>C:\Windows\system32\svchost.exe</Data>
      <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
      <Data>d252d26d-f372-11e2-8ad4-005056ac00e8</Data>
    </EventData>
  </Event>
  All of our servers are running Server 2008 R2 Enterprise where we use Citrix to deliver desktop sessions to our users, but some are virtual and some are physical. This seemingly impacts our virtual machines more, and our VMs are hosted through VMWare, however,
  about 5 months ago a similar error fired on a non-virtual machine:
  Log Name:      Application
  Source:        Application Error
  Date:          2/27/2013 6:57:58 AM
  Event ID:      1000
  Task Category: (100)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      AAW29033
  Description:
  Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
  Exception code: 0xc0000024
  Fault offset: 0x00000000000cd7d8
  Faulting process id: 0x6c0
  Faulting application start time: 0x01ce14e1af313fd9
  Faulting application path: C:\Windows\system32\svchost.exe
  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
  Report Id: ed3d01c4-80d4-11e2-9128-b499baa9e5e8
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-02-27T11:57:58.000000000Z" />
      <EventRecordID>286291</EventRecordID>
      <Channel>Application</Channel>
      <Computer>AAW29033</Computer>
      <Security />
    </System>
    <EventData>
      <Data>svchost.exe_gpsvc</Data>
      <Data>6.1.7600.16385</Data>
      <Data>4a5bc3c1</Data>
      <Data>ntdll.dll</Data>
      <Data>6.1.7601.17725</Data>
      <Data>4ec4aa8e</Data>
      <Data>c0000024</Data>
      <Data>00000000000cd7d8</Data>
      <Data>6c0</Data>
      <Data>01ce14e1af313fd9</Data>
      <Data>C:\Windows\system32\svchost.exe</Data>
      <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
      <Data>ed3d01c4-80d4-11e2-9128-b499baa9e5e8</Data>
    </EventData>
  </Event>
  I've searched and cannot seem to find any information as to what may be causing this, or even really where to start. Would someone be able to help me identify what might be causing this event, specific with the Exception code: 0xc0000024, which causes
  the Group Policy Client service to stop?

  You still out there looking at things? If so I have an update. The issue hasn't stopped, even though it did seemingly die down for awhile, however, it is now back with a vengeance.
  I am able to force it to happen by killing the svchost process that is hosting GPSVC. If I run gpupdate /force, then logout/login it does get GPSVC running again. Furthermore, if I simply start svchost again via the Task Manager GPSVC starts running again.
  When I access the server remotely with KVM it acts just like it does as if I'm logging into it via Citrix/RDP which for Admin IDs gives an error saying "Failed to connect to a windows service. Windows could not connect to the Group Policy Client service...",
  however, normal user accounts just get a message when logging into the server "The Group Policy Client Service Failed the Logon. Access is denied."
  I haven't opened a case with Microsoft yet, but we about ready to because of the increase in these errors.
  If you have any further suggestions that would be great, otherwise I'll provide an update once I get word back from Microsoft.
  **EDIT -- apparently I mistook the the server's SCM's actions as my own. I was able to successfully crash the GPSVC service by killing the hosting svchost process, however, after I crashed it and let it sit crashed for awhile when I attempted
  to restart either by starting a svchost task, or running gpupdate /force it failed. Either that, or there is a timing issue where if we don't restart the svchost process, or run gpupdate /force quickly enough it won't be able to recover without a reboot.

• Monitor will not restart on Windows Server 2012

  With release build we can install Monitor agent on Windows Server 2012, with admin, POA, MTA etc also installed and running ok, in either service or application mode and the monitor agent will run ok at the end of the install. If then exit the application and try to restart it will fail with no errors. Uninstall and re install the application and it will again start first time but not thereafter.

  JulianBowker,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://www.novell.com/support and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Forums Team
  http://forums.novell.com

• How to getcapabilities of user who logged into IDM?

  Hi All,
  I am having the same problem. I have posted this question earlier also. But some one said forms will always have the refrence of the configurator.
  But in the documentation its is said that <ref>:display.session</ref>, will be a valid Identity Manager Sesssion. More over iam using passing the value ie <ref>:display.session</ref>, to get the resources that logged in user have access. There its getting corretly based on the logged in user. I am giving the two codes below.
  1. <Field name='waveset.resources'>
  <Display class='Label'>
  <Property name='value'>
  <invoke name='getResources' class='com.waveset.ui.FormUtil'>
  <ref>:display.session</ref>
  </invoke>
  </Property>
  </Display>
  </Field>
  The above code gets the resources the logged in user has access correctly based on who logs in. Its not getting the resources that "Configurator" has access.
  2. <Field name='Capability'>
  <Display class='Label'/>
  <Default>
  <invoke name='getCapabilities' class='com.waveset.ui.FormUtil'>
  <ref>:display.session</ref>
  </invoke>
  </Default>
  </Field>
  The above code gives the capability of the "Configurator", irrespective of who evers logs in.
  can ony one help me to sort out this problem if u have achieved prviously plz post your piece of code that would help me to to proceed furthur...
  Thanks in advance
  Regards,

  Hi,
  When adding to the title:
  The default available on the Insert menu is the full page item list &PageItems.
  However the undocumented way to add a single page item is to type &PageItemName which in this case will be the calculation item for the USER function.
  For example:
  Calculation TheUser defined as USER.
  Place TheUser on pageitems area.
  Add &TheUser to page title (does not require &PageItems to be present)
  regards
  John

• Can't record web session in Web Application Transaction Monitoring using IE10 (Tried under Windows Server 2008R2 and 2012)

  Hi,
  In Operations Manager Console 2012 SP1 including RU2 I am trying to record a web session in Web Application Transaction Monitoring.
  I have check that:
  The add-on (Microsoft Web Recorder Helper) 64bit is Enabled.
  The 64bit version of IE10 is running/launched. See this link for how to modify your registry key if needed:  http://kevingreeneitblog.blogspot.co.uk/2012/01/scom-2012-recording-web-browser-session.html
  I have tried both on a Windows 2008R2 and 2012 server, but the recorder is not showing up as can been seen from Kevin's Blog (link above).
  Any Ideas?

  I managed to get this working on both Windows 8 IE10 and server 2012 IE10. Tested on SCOM 2012 SP1 UR2 and UR3. I've done this process in lab and production several times so hopefully this helps you out.
  Checklist:
  1. Ensure that the 64bit IE10 is launching when the "start web-capture" is started in SCOM.
  2. Enable IE10 internet options:
  a: Advanced - Security - Enable Enhanced Protected Mode
  b: Advanced - Browsing - Enable third-party browser extensions
  3. Close all running IE sessions and open the Registry Editor
  4. Registry Change (No reboot needed)
  - Browse to the following regkey:
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  - Add a new DWORD called TabProcGrowth and set it to 0
  5. Registry Change (No reboot needed)
  - Browse to the following regkey:
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\
  -You should see two subkeys labeled: (These are the cached BHO IE objects related to the Web Recorder)
  {00021493-0000-0000-C000-000000000046}
  {00021494-0000-0000-C000-000000000046}
  - Delete only the above two mentioned keys (This will force IE to recache them next launch)
  6. Try to start the web capture again from SCOM 2012 SP1.
  7. When IE10 Launches enable the add-on again if you are prompted.
  8. If you still don't see the Web-Recorder pane in IE you can now show it by:
   - View - Explorer bars - Web Recorder

• User Profile Disks with Windows Server 2012 and Windows 8 VDI

  Hello experts!
  We are building a new server setup for the office and are unable to figure out why UPD will not work. We have VDI setup and a user for instance
  connecting through the RDWeb workplace will dynamically get one of the available Windows 8 Machines delivered through Hyper-V and can successfully login on this machine via Active Directory. So far so good...
  However, when we activate the User Profile Disks "UPD" feature the login takes forever and the VHDX will not mount on c:\users\...
  as expected within the virtual Windows 8 machine.
  The UPD config is quite simple, with just the path "\\vmhost\upd\" set. This share has (now during test) full access for everyone,
  both on share level and on security level, but still the VHDX will not mount.
  The UVHD-template.vhdx file gets created just fine when UPD is activated, and during login through RDWeb a TEMP-UVHD-S-1-5-21-1477358240-4159876597-995667825-500.vhdx
  gets created, but there it stops... The login process takes a couple of minutes by the "Windows förbereds" (roughly translated to English "Preparing Windows"), and then the user gets logged in with a temporary profile.
   - The event log says (translated using Google translate):
  Failed to obtain a user profile disk for the user account with SID S-1-5-21-1477358240-4159876597-995667825-500.
  Make sure the location of the user profile desk can be reached, the server's computer account has read and write permissions to the site and that there is a template file for user profile disks at the site.
  Name of the virtual desk"font-size:14px;font-family:'Droid Serif', Georgia, 'Times New Roman', serif;color:#222222;line-height:23px;"
  />HRESULT: 0x8007007B.0
  Please help, it should not be that hard to achieve this.

  Hi,
  As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many
  similar scenarios.
  If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer
  as you wish.
  In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Sharepoint 2013 monitoring on windows server 2012

  Hi,
  Can we monitor sharepoint 2013 installed on windows server 2012 from scom 2007 R2 CU5??
  Thanks
  Ashish

  Hi,
  Yes, SCOM 2007 R2 support SharePoint 2013 Management Pack.
  http://www.microsoft.com/en-us/download/details.aspx?id=35590
  Niki Han
  TechNet Community Support

• Multiple users logged into one server, each users printer has a different name, application needs ONE name to print to.

  Multiple users logged into one server, each users printer has a different name, application needs ONE name to print to. 
  I'm NOT in any way a Terminal Services expert and I need help trying to get an application program working in a multi-user environment.
  The issue is that the printer changes for every user that is logged in. The application needs to print NOT to the default printer, but to a "special" printer which is selected in the application... let's call it a label printer to simplify the explanation.
  You have your default regular printer, easy for the application to find that one, and then you have a special printer that labels get printed onto. The application needs to know what printer is the label printer. So we allow the user to select that in the
  application and the selection is stored in a config file in 
  C:\ProgramData\mfgr\prog\setting files
  I don't have access to the application so I can't change how this works.  
  In the "regular" world, selecting the label printer driver to use should be per machine, NOT per user. When a new user logs into a machine, the physical printer doesn't go "poof" and a new printer suddenly appear. Same printer for all
  users.
  Yet in terminal services, the physical machine is "merged" with the virtual machine on the server. And there can be many users logged in at the same time. So each users real machine (and real printer) is injected into the "fake" terminal
  services machine. The name of the printers is made unique for each user. So the printers DO go "poof" and change names depending on the user logged into terminal services.
  So user "A" logs in and sets up the application to print to "LabelPrinterForUserA" (or whatever the name of the printer happens to be), that setting is stored in the ProgramData subfolder, and all is well. Later, user "B" logs
  in, and when they print, the application tries to print to "LabelPrinterForUserA" which doesn't exist for user B or is only accessible by user A. If user B re-configures, that breaks it for user A. 
  SOLUTION 1: The way that /should/ work (in my mind) is that you define one "generic" printer in Terminal Services... call it "Virtual Label printer" and when the user wants to print to it, the print job gets re-directed back to whatever
  physical printer is actually connected to their local workstation. There is a map of virtual printer to actual printer depending on the current user. The application is told once to print to "Virtual Label Printer" for all users.
  SOLUTION 2: Or... there should be some way to make the ProgramData sub folders separate per user. E.g. when user "A" tries to access:
  C:\ProgramData\mfgr\prog\setting files
  they actually get 
  C:\UserData\UserA\AppData\mfgr\prog\setting files
  and user "B" gets
  C:\UserData\UserB\AppData\mfgr\prog\setting files
  So the question I have is: Does either of those solutions exist hidden somewhere in the setup of terminal server? Or is there another way around this issue that I don't know?

  I don't really have a "for sure" answer to this, but because people here can't seem to deal with a question that hasn't been answered I'll provide the best answer I did receive from ServerFault.com user Nathan:
  I can feel your pain with using old software on terminal servers ...the solution I've come up with definitely won't scale as it requires some manual configuration, but I've gotten this method to work with our label printers (which require to be
  printed to an LPT port...yep, that old).
  Share your USB-connected printers to the network on each machine. Then, have the user log in on aunique session for each of them
  (a TS account cannot be shared among computers for this to work) and install a network printer pointing to the USB one they shared. Try to use a DNS name to account for possible DHCP movements.
  After, it should work. Each user can do this since display names can be identical as long as the ports are different (which they are).
  This was clarified by the following series of comments:
  I think you are on to something here, and I originally advised the admin to do this. The problem he ran into is that it setup the printer names in the TS as "printer on usersworkstation"
  and he could not rename it except to change the "printer" to whatever. E.g. the "on userworkstation" remained. I believe there is another way of installing the printer which avoids this, but I can't find it. Ages ago, one used to do NET
  USE LPT2 \\computer\printer password /USER:domain\user /PERSISTENT:YES and then tell the driver to print to LPT2 –  James
  Newton Mar
  17 at 16:21   
  @JamesNewton That's actually the exact method we used. The way around the "network printer" part is to install it as local printer and map it to a TCP/IP port that way. –  Nathan
  C Mar
  17 at 16:28
  You mean in the case where the printers are TCP/IP connected and not local USB / LPT to the users workstation? That makes sense. Wonder if this will work for USB connected printers... –  James
  NewtonMar
  17 at 16:35   
  @JamesNewton You'd share the local printer on the client's PC then on the server connect via TCP/IP to it. You'd need static addresses or use DNS names if DHCP, though. –  Nathan
  C Mar
  17 at 16:51
  Ah. Yes. I see. Looks like the LPT thing should work even with a USB connected printer:superuser.com/questions/182655/… –  James
  Newton Mar
  17 at 17:09   

• Send mail to the user who logged the issue

  Hi,
  As it is currently the mail goes to the key user, which is a business partner. That is an organization. However several users are maintained under a business partner.
  So now the mail goes to all these users at a status change. However can we only have the user who logged the issue getting the mail. Can you please advice me on how to get this?
  Thanks loads.
  Keshi

  Hi.. Thanks for all ur replies..
  Yes we hv assigned the key user as a business partner which is an organization,, This is also and requirement,
  But since the mail is activated as to the key user it goes to all the users in that group, under teh business partner.
  But when configuring this came across the Partner, in which we selected it as key user. But there were also other partners as Creator,Reported by etc..
  I tried using both these but again it didnt work. Can anyone suggest anything?
  Yes, when u assign the key user as a business partner and assign several users  to it you can send multiple mails to users
  Any help on this is very much appreciated,.,
  Thanks all for replying once again.
  Keshi

• How to get the Login Id (UPI) of the user who logged in the system?

  hi,
  I'm having a webdynpro application. In which i want to get the values from the R/3 based on the user who logs in.
  so i need to get the UPI(login id) of the user who logs in. how to get the UPI of the user who logged in??
  please help me out with the detailed procedure.
  Thanks & Regards,
  Suresh

  Hi Suresh,
  Try the following code.
  ISearchResult rst = UMFactory.getUserFactory().getUniqueIDs();
                    IUserFactory usf = UMFactory.getUserFactory();
                    IUser iuser = null;
                    IUserListElement userElement = null;
                    int i = 0;
                    while (rst.hasNext()) {
                          iuser =
                                UMFactory.getUserFactory().getUser(rst.next().toString());
                          String email = iuser.getEmail();
                          String fname = iuser.getFirstName();
                          String lname = iuser.getLastName();
  I have already used this code for the similar requirement.
  regards
  Anil

• How can i know about any users who log on sap last one month..all data and

  Dear all,
  how can i know about any users who log on sap last one month..all data and  transaction code they used in a month.
  Regards,
  ASHUTOSH
  9891595497

  Dear Ashutosh,
  I think your question is in the wrong forum. This is for SAP MDM related questions and answers. SAP MDM does not use Transaction codes. So you may not get much help here.
  Please try posting your question in the ABAP forums and you may get the right resources to help you.
  Thanks.
  Siva K.

• CryptAcquireContext failing with ERROR_FILE_NOT_FOUND (2L) when user not logged on Windows 8.1

  I am having a hard time migrating a C++ CryptoAPI-based application that currently runs on Windows Server 2008 to Windows 8.1. The scenario is:
  This application is eventually triggered by WatchDog.exe, which in its turn is triggered when the computer is started by Windows' Task Scheduler.
  Task Scheduler uses the following rules to start the WatchDog.exe:
  A Administrator User Account;
  Run Whether user is logged on or not;
  UNCHECKED: Do not store password. The task will only have access to local resources;
  Run with Highest Privileges;
  Configure for Win 8.1;
  Triggered at system startup.
  The server sits there, nobody logged, until in a given scenario WatchDog.exe starts the application. Application log confirms that the owner of the process (GetUserName)
  is the very same user Task Scheduler used to trigger WatchDog.exe.
  It turns out that this application works fine in Windows Server 2008, but in windows 8.1 a call to CryptAcquireContext fails
  with return code ERROR_FILE_NOT_FOUND (2L). The odd thing is that the application will NOT fail if, when started, the user is physically logged
  on the machine, although it was not the user who started the application manually.
  I took a look at the documentation and
  found:
  "The profile of the user is not loaded and cannot be found. This happens when the application impersonates a user, for example, the IUSR_ComputerName account."
  I had never heard of impersonification, so I made a research and found the APIs LogonUser,ImpersonateLoggedOnUser and RevertToSelf.
  I then updated the application in this way:
  HANDLE hToken;
  if (! LogonUser(L"admin", L".", L"XXXXXXXX", LOGON32_LOGON_BATCH, LOGON32_PROVIDER_DEFAULT, &hToken))
  logger->log (_T("Error logging on."));
  else
  logger->log (PMLOG_LEVEL_TRACE, _T("Logged on."));
  if (! ImpersonateLoggedOnUser(hToken))
  logger->log (_T("Error impersonating."));
  else
  logger->log (_T("Impersonated."));
  err = XXXXXXXXX(); // calls function which will execute CryptAcquireContext
  if (! RevertToSelf())
  logger->log (_T("Error reverting."));
  else
  logger->log (_T("Reverted."));
  Excerpt with the call to CryptAcquireContext:
  // Get the handle to the default provider.
  if(! CryptAcquireContext(&hCryptProv, cryptContainerName, MS_ENHANCED_PROV, PROV_RSA_FULL, 0))
  DWORD e = GetLastError();
  _stprintf_s (logMsg, 1000, _T("Error %ld acquiring cryptographic provider."), e);
  cRSALogger->log (logMsg);
  return ERR_CCRYPT_NO_KEY_CONTAINER;
  cRSALogger->log (_T("Cryptographic provider acquired."));
  As the result, I got the log:
  [2015/01/08 20:53:25-TRACE] Logged on.
  [2015/01/08 20:53:25-TRACE] Impersonated.
  [2015/01/08 20:53:26-ERROR] Error 2 acquiring cryptographic provider.
  [2015/01/08 20:53:26-TRACE] Reverted.
  That seems to show that impersonation is working properly, but still I get Error 2 (ERROR_FILE_NOT_FOUND) on CryptAcquireContext.
  Summary:
  On Windows Server 2008, the very same application runs properly even without the calls to LogonUser/Impersonate/Revert.
  On Windows 8.1, the application, with or without the calls to LogonUser/Impersonate/Revert, will only work properly if the user is logged on (which
  is not acceptable).
  Any thoughts where I can run to in order to get this working on windows 8.1?
  Thank in advance,
  Dan

  There are a couple of issues.
  Based on the parameters being used in CryptAcquireContext().  A profile needs to be loaded and your app has to be running as the same user who created the keyset. (which is why it works when a user is logged on Windows 8.1) Also, impersonation
  does not load your user profile, you need to call LoadUserProfile().  It seems like you should be using a machine keyset for your scenario if you want to do this when nobody is logged on.
  Take a look at the following KB article for more information.
  https://support.microsoft.com/kb/238187?wa=wsignin1.0
  thanks
  Frank K [MSFT]

• If I were to purchase the Apple Remote Desktop with Unlimited licenses, would I be able to install the client software on each of there computers/laptops and have them remote desktop into the server?

  I have several friends and family who are looking for a central place to access information from ( Pictures, home movies etc ).  So I am considering setting up an OSX Lion Server.  There are some other things I can use it for as well.
  Here is my question:
  If I were to purchase the Apple Remote Desktop with Unlimited licenses, would I be able to install the client software on each of there computers/laptops and have them remote desktop into the server?  Or would I have to install the Admin software on each?  Do they intend it to be used strictly as one admin to access many clients? 
  I always could set up a network drive so they can log in and just see the folders they have created with space on the server I provide them.  But I want them to be able to log an and actually use it as a Remote Desktop.
  Thanks,
  Eric

  Dave,
  Thanks for the feedback.  I understand that ARD is meant for Remote Administration, but I was not sure if it could be used for my purpose as well.  The reason I was looking to do it this was was because I read several articles online about security and performance issues with setting up VNC and activating screen sharing.  Unless I am misunderstood. 
  As far as people's activities on the server, mostly it is going to be used as a place for them to store their media.  I will only allow own person ( Who I trust and I know wont botch the server ), to run applications.  Everyone else will be restricted to uploading and downloading content to their designated account on the server as well as a community share on the server.
  I appreciate your help.
  Thanks,
  Eric

• Users cannot log into Remote Desktop after 3/11/2015 update!

  I have a simple network where users can log into a Windows SBS 2008 server with Remote Desktop to access various applications.  This worked quite smoothly until this morning, after the updates of last evening. (3/11/2015)
  When users tried to log into the Remote Desktop this morning their credentials were rejected, as if their username and/or password were incorrect.  Even I (as the administrator) could not log in remotely.  Finally I connected a monitor and keyboard
  directly to the server and was able to log in without an issue.  After logging in directly I was able to connect through remote desktop.
  This method worked for my other users as well - after I logged them in directly they were able to use remote desktop no problem.
  The trouble is that I have a couple dozen users, and this is an issue that should not be occurring.  What happened in the last update to cause remote desktop to reject users credentials?  Why does it only work after the user logs in directly? 
  And most importantly, how do I fix this?
  A few notes:
  Simply browsing for files on the server also asks for the user's name and password, and this works as well.  This is only a remote desktop issue.
  I have already checked to make sure the domain was correct.  It was.
  I have already checked to make sure the usernames and passwords were correct.  They were.
  I have already checked to make sure this was not a unique issue for a single (or limited number) of users.  This issue effected
  all users all the network.
  Thank you very much for your help,
  Dustin

  I'm curious here...  If the server is rebooted, does it put the RDS users back into a "credentials failed" situation?  If so, could you please have them log in with credentials:
  domain.local\username    (I suspect they may be currently using domain\username)
  and see if that fixes the RDS problem without having to first log into the server directly.
   The ".local" may be ".lan" or ".somethingelse" depending on how you initially configured your domain, but the default for SBS 2008 is ".local"
  Merv Porter
  =========================
  That's a good question - the server will auto-reboot this evening and I'll test again in the morning. 
  You are correct that we've been using domain\username.  I tried domain.local\username (which is the way we've set up), and that did not work either.
  I'll let you know how things turn out tomorrow morning.  I don't want to mess with my users anymore today. :P
  Dustin