1 Reply Latest reply on Jun 15, 2011 12:54 PM by bgable

    HIP, Windows 7 and change password policy

      Hi all!

       

      I want to know what process is running when you hit the Ctrl+Alt+Delete combination and want to change your password in Win7.

      Because now what happened is computer halts, HIP is waiting answer and OS is locked all down. The only way is to power off, and I can't get any log information...

      So I can create a rule to allow the password to be changed globally in the HIP policy.

        • 1. Re: HIP, Windows 7 and change password policy

          Not sure what you mean by "what happened is computer halts, HIP is waiting answer and OS is locked all down."

           

          If this only occurs when IPS is enabled, you might wonder if it is caused by HIP.

          Check to see if any HIP events are generated. If so, create an IPS exception.

          If not, maybe there is a further problem.

          Enable verbose debugging logs for Host IPS.

          Obtain a full kernel memory dump while it is in that state, refer to KB66559 or http://msdn.microsoft.com/en-us/library/ff545499(VS.85).aspx

          Run the McAfee WebMER tool to collect all of the logs etc. 

          Open a support case for further investigation.

           

           

          According to Wikipedia - http://en.wikipedia.org/wiki/Control-Alt-Delete

           

          In Windows NT, and thus on its successors, including Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7, this keystroke combination is recognized (as a special system-wide "keyboard hook") by the Winlogon process, which in response instructs GINA to perform one of the following tasks:

          • If nobody is logged in, bringing up the login dialog to allow the user to log in. Also used when the computer is locked to bring up the unlock dialog.
          • If the computer is configured as a part of a domain or it runs Windows 2000, the combination brings up the "Windows Security" dialog, where the user can lock the computer, change their password, log out, shut the computer down, or invoke the Task Manager. This is the default behavior in Windows Vista and Windows Server 2008, regardless of whether or not the computer is part of a domain. The options presented can be controlled through the use of Group Policy.
          • If Windows XP is not connected to a domain
            • and the Welcome Screen and fast user switching are turned on, Ctrl-Alt-Del directly invokes the Task Manager.
            • and the Welcome Screen and fast user switching are turned off, Ctrl-Alt-Del will open the Windows Security Dialog, as described above.
            • If pressed twice while at the Welcome Screen the classic Windows login box is displayed. This allows one to log in as any user, even those typically hidden from the Welcome Screen.