Credential Providers are in-process COM objects used to collect credentials for authentication. Credential Providers describe the credential information required for authentication to the Local Security Authority (LSA) or to an application. For an interactive user logon, this credential information is presented to the user in the form of a “tile” that contains informational and editable fields. Users interact with the tile by entering their usernames and passwords, then clicking a right-arrow button.
Figure 3-1 Windows Welcome Screen
In Windows 10, Windows 8, Windows 7 and Windows Server 2012, the Winlogon process launches the LogonUI process after it receives a SAS event. LogonUI queries each Credential Provider for the number of credential tiles that it wants to display. A Credential Provider might, for example, display a tile for each local machine user. One of these tiles can be configured to be the default tile initially displayed to the user. After LogonUI is finished querying the Credential Providers for their tiles, it displays all of the enumerated tiles to the user. After the user supplies information for the requested fields, LogonUI submits the credentials for authentication.
Credential Providers are not enforcement mechanisms. They are used only to gather and serialize credentials. The Local Security Authority and authentication packages enforce security. Credential Providers are responsible for:
Describing the credential information required for authentication.
Handling communication and logic with external authentication authorities.
Packaging credentials for interactive network logon.
Even though multiple Credential Providers can be displayed to a user on a machine, only the one selected by the user is allowed to provide credentials to the interactive logon process.
The Microsoft Windows Live ID based login is supported. To use this feature, ensure that your administrator has added your Windows Live ID to your PC. For more information on adding a Live ID to a Windows PC, refer the Microsoft article on Your life, connected and to create a Live ID, refer How do I sign up for a Microsoft account?
Once your Live ID is added to the PC and after a successful Network login, in the Log on to this computer screen, enter your Live ID username and password.
Figure 3-2 Windows Live ID Login Screen
In the Client for OES, users are expected to authenticate to the network first using the Client for OES Credential Provider and then to their PC using Live ID. Or, you can combine your network login and your Windows Live ID login in the Network login screen.
To combine your network and Windows Live ID login:
In thescreen, click .
In thedialog, on the tab, type the Windows Live ID in the text box and then click .
NOTE:Ignore thelist box for now. It will be disabled in case of a Windows Live ID login.
Figure 3-3 Network Login with Windows Live ID
The Client for OES password sync feature that is used to synchronize your Windows password to that of the eDirectory does not work in case of a Windows Live ID based login.
Figure 3-4 The Unsupported Password Sync Feature
Also, the change password feature is not supported by Client for OES when Windows Live ID is used for computer log in.
Figure 3-5 The Unsupported Client Change Password Feature