8.2.6 Windows log on
This item performs log-on to Windows or unlocks the screen. To use this item, you have to set it up.
To use this item, you have to first set up the Windows log-on function and map information regarding the users logging on to Windows (Windows user names and passwords) to virtual users. For details on how to set up, see 2.3.4 Using the Windows log-on function.
- Organization of this subsection
(1) List of settings
|
Name |
Required |
Format |
Can specify inherited information? |
|---|---|---|---|
|
Virtual user name |
Yes |
String (1 to 14 bytes) |
No |
(2) Settings
- Virtual user name
-
Specify the virtual user name mapped to the name of the Windows user logging on to Windows. Use the cpasetumap command to map the virtual user name. For details on the cpasetumap command, see cpasetumap in 9. Commands.
(3) Return values
|
Value |
Description |
|---|---|
|
-1 |
Forced termination. |
|
0 |
The log-on or unlock screen action was successful. |
|
41 |
The log-on processing timed out.
|
|
46 |
Due to a password error or other mistake in the settings, the log-on action failed.
|
|
47 |
Another user was logged on.
|
|
52 |
A permission error occurred.
|
|
76 |
The virtual user is not registered.
|
|
77 |
The Windows user does not exist.
|
|
125 |
A system error occurred.
|
(4) Example
In the following example, the Windows user name UserA# mapped to the virtual user name logonuserA is used to log on to Windows:
|
Virtual user name |
logonuserA |
- #
-
You have to first map the virtual user name logonuserA to a Windows user name by using the cpasetumap command.
(5) Command name that is output to log files
cpaalexec.exe
(6) How the item behaves in an environment used by multiple Windows users
In an environment where multiple Windows users are registered on a single machine, the item behaves as described in the table below depending on the timing of the execution of a Windows log-on action.
|
Status of the Windows user logging on to Windows |
Status of other users |
How the item behaves when a Windows log-on action is executed |
||
|---|---|---|---|---|
|
Status (return value) |
Behavior |
Message ID |
||
|
Log-off |
Log-off |
Normal end (0) |
The user logs on. |
-- |
|
Log-on |
Abnormal end (47) |
The user does not log on. |
KNAO2804-E |
|
|
Lock screen |
Normal end (0) |
The user logs on. |
-- |
|
|
Log-on |
Log-off |
Normal end (0) |
The user does not log on. |
-- |
|
Lock screen |
||||
|
Lock screen |
Log-off |
Normal end (0) |
Lock screen is canceled. |
-- |
|
Log-on |
Abnormal end (47) |
Lock screen is not canceled. |
KNAO2804-E |
|
|
Lock screen |
Normal end (0) |
Lock screen is canceled. |
-- |
|
- Legend:
-
--: Not applicable
If an error occurs in any of the cases described in the table above, use the standard error output or the product log to check the message corresponding to the applicable message ID, confirm the log-on status of the Windows user, and then re-execute the Windows log-on action.
(7) Log-on behavior
When using this item, keep the following in mind with regard to the Windows log-on behavior:
-
When the user is already logged on to Windows with the Windows user name mapped to a virtual user name, a Windows log-on action ends successfully even when the password is incorrect.
-
If a Windows log-on action fails for reasons other than the specification of a nonexistent virtual user name or Windows user name, the subsequent Windows log-on actions end abnormally without any log-on processing being executed. This precaution is taken to prevent the account from being locked or otherwise rendered inaccessible as a result of repeated execution of invalid log-on processing. After a failed Windows log-on action, all the subsequent Windows log-on actions end abnormally with a return value of 125 unless a Windows user succeeds in manually logging on to Windows. For this reason, after a failed Windows log-on action, a Windows user must manually log on to Windows and review the password setting before a Windows log-on action can be executed again.
-
When the action item Command execution in window works normally, it means that the Windows log-on action has ended successfully.
-
If a user belonging to a domain is used to log on to Windows, when a timeout occurs due to a network problem, the log-on action can fail with 41 set as a return value. When using such a user, it is necessary to first check the state of communication with the domain server.
-
A log-on action executed while the Windows log-on window (tile) is not displayed fails. Set a schedule to ensure that the log-on action is executed while the log-on window is displayed.
-
If a log-on action or lock screen action fails because the password of the user in question is expired or incorrect, a message indicating a failed log-on action shows up in the Windows log-on window (tile). This message, however, displays the name of the Windows user who executed the previous successful log-on action, instead of the name of the user whose log-on action or lock screen action just failed.
-
If a Windows log-on action is executed either when there is a user using a Remote Desktop connection or in an environment where a Remote Desktop connection was used just moments before, the log-on action ends in failure. You have to use the Windows log-on function in an environment where no Remote Desktop connection is used.
-
The Windows log-on function does not work normally if you use any one of the following functions to log on to Windows:
-
PIN
-
Picture password
-
Windows Hello
-
Azure AD account
-
-
If the following maintenance information is output to a message displayed upon the execution of a Windows log-on action by a user having a Domain account, check if a connection is being made to the domain server or if the domain server is up and running.
-
Get Specified user SID error
-
Get Active Console user SID error
-