How to enable trace logs for Logon Shield on Windows Vista or later

Document ID : KB000028762
Last Modified Date : 14/02/2018

Starting with Windows Vista, the GINA logon architecture is no longer used. It has been replaced by Credential Providers (COM-based plugins).

This new logon architecture has been implemented in SD Logon Shield using the "Logon Shield Credential Provider" (dsmcrpr.dll) and a "Logon Shield Credential Provider Filter" (dsmcrprfi.dll).


These Credential Providers are registered under the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6AD992E5-19B5-4391-A3AB-109FEB573FA2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{7440A7CB-26AF-43ec-B917-B3ABBA7210D0}

 


Tracing for these DLLs can be activated by creating the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ComputerAssociates\DsmSxpInstaller\TraceCrPr = 1


The trace output generated by Logon Shield is written to the files <DSMPATH>\logs\TRC_CRPRFI_*.log and <DSMPATH>\logs\TRC_CRPR_*.log.

Remark:

The size of these trace files is not limited, so the trace should only be activated for a limited time. To deactivate the trace, set TraceCrPr = 0 in the registry.
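
The following PowerShell script is an added example, not vendor code or part of the original document: it switches the TraceCrPr value on or off and reports how much space the trace files occupy, warning when tracing is still active and the logs have grown large. The `-DsmPath` and `-WarnMB` parameters and the function names are assumptions, as is the DWORD type used when the value does not yet exist (the document only states "TraceCrPr = 1").

```powershell
#Requires -RunAsAdministrator
# Added example. Registry path, value name and log file patterns come from the
# document above; parameters, thresholds and function names are assumptions.
param(
    [Parameter(Mandatory)][ValidateSet('Enable','Disable','Status')][string]$Action,
    # Assumption: the caller supplies the directory the document calls <DSMPATH>.
    [Parameter(Mandatory)][string]$DsmPath,
    # Assumption: warning threshold in MB chosen for this example, not a product setting.
    [int]$WarnMB = 200
)

$key  = 'HKLM:\SOFTWARE\Wow6432Node\ComputerAssociates\DsmSxpInstaller'
$name = 'TraceCrPr'

function Set-Trace([int]$Value) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $k = Get-Item -Path $key
    # Keep the existing value type if present; otherwise assume DWORD.
    $kind = if ($k.GetValueNames() -contains $name) { $k.GetValueKind($name) } else { 'DWord' }
    Set-ItemProperty -Path $key -Name $name -Value $Value -Type $kind
}

function Get-TraceState {
    $v = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $files = @(Get-ChildItem -Path (Join-Path $DsmPath 'logs') -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like 'TRC_CRPRFI_*.log' -or $_.Name -like 'TRC_CRPR_*.log' })
    $sum = ($files | Measure-Object -Property Length -Sum).Sum
    [pscustomobject]@{
        TraceEnabled = ("$v" -eq '1')
        FileCount    = $files.Count
        TotalMB      = [math]::Round($sum / 1MB, 2)
        NewestFile   = ($files | Sort-Object LastWriteTime -Descending |
                        Select-Object -First 1).FullName
    }
}

if ($Action -eq 'Enable') { Set-Trace 1 }
if ($Action -eq 'Disable' -and (Test-Path $key)) { Set-Trace 0 }

$state = Get-TraceState
if ($state.TraceEnabled -and $state.TotalMB -gt $WarnMB) {
    # The trace files have no size limit, so flag tracing that was left switched on.
    Write-Warning "Tracing is still enabled and the logs total $($state.TotalMB) MB; rerun with -Action Disable."
}
$state
```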