WlxLoggedOutSAS function

[The WlxLoggedOutSAS function is no longer available for use as of Windows Server 2008 and Windows Vista.]

The WlxLoggedOutSAS function must be implemented by a replacement GINA DLL. Winlogon calls this function when it receives a secure attention sequence (SAS) event while no user is logged on.

Note   GINA DLLs are ignored in Windows Vista.


int WlxLoggedOutSAS(
  _In_    PVOID                pWlxContext,
  _In_    DWORD                dwSasType,
  _Out_   PLUID                pAuthenticationId,
  _Inout_ PSID                 pLogonSid,
  _Out_   PDWORD               pdwOptions,
  _Out_   PHANDLE              phToken,
  _Out_   PWLX_MPR_NOTIFY_INFO pNprNotifyInfo,
  _Out_   PVOID                *pProfile


pWlxContext [in]

A pointer to the GINA context associated with this window station. The GINA returns this context value when Winlogon calls WlxInitialize for this station.

dwSasType [in]

Specifies the type of SAS that occurred. Values from zero to WLX_SAS_TYPE_MAX_MSFT_VALUE are reserved to define standard Microsoft SAS types. GINA developers can define additional SAS types by using values greater than WLX_SAS_TYPE_MAX_MSFT_VALUE.

The following SAS types are predefined.


Indicates that a user has typed the standard CTRL+ALT+DEL SAS.


Indicates that a smart card has been inserted into a compatible device.


Indicates that a smart card has been removed from a compatible device.


Indicates that no user input was received within the specified time-out period.


pAuthenticationId [out]

Specifies the authentication identifier associated with the current logon session. You can get this value by calling GetTokenInformation to obtain a TOKEN_STATISTICS structure for the token returned by the LogonUser function.

pLogonSid [in, out]

On input, this parameter points to a security identifier (SID) that is unique to the current logon session. Winlogon uses this SID to change the protection on the window station and application desktop so that the new logged-on user can access them.

On output, Winlogon provides a SID. You can also get the SID by using the GetTokenInformation function to retrieve a TOKEN_GROUPS structure for the token returned by the LogonUser function. To do this, search the array returned in the TOKEN_GROUPS structure for the group with the SE_GROUP_LOGON_ID attribute.

pdwOptions [out]

A pointer to a DWORD that contains the set of logon options. The following option is defined.


Indicates that Winlogon must not load a profile for the logged-on user. Either the GINA DLL will take care of this activity, or the user does not need a profile.


phToken [out]

A pointer to a handle variable. When the logon operation succeeds, set this handle to a token that represents the logged-on user. Use the LogonUser function to get this token, then, when the user logs off, Winlogon closes this handle and calls the WlxLogoff function.

If you need this handle after calling the WlxLogoff function, make a duplicate of the handle before returning it to Winlogon.

pNprNotifyInfo [out]

A pointer to an WLX_MPR_NOTIFY_INFO structure that contains domain, user name, and password information for the user. Winlogon will use this information to provide identification and authentication information to network providers.

The GINA is not required to return password information. Any NULL fields within the structure will be ignored by Winlogon. Use LocalAlloc to allocate each string; Winlogon will free them when they are no longer needed.

The GINA should provide domain, user, and password values for complete Session Directory functionality. If the password is not provided, Session Directory will require the user to input the password twice before the user is connected to the server.

For information about protecting passwords, see Handling Passwords.

pProfile [out]

On return from a successful authentication, the pProfile parameter points to either a WLX_PROFILE_V1_0 or a WLX_PROFILE_V2_0 structure. The first DWORD in the structure indicates which structure it is. Winlogon uses this structure to load the profile of the logged-on user, and frees the memory associated with the structure when it no longer needs it.

Return value

If the function fails, the function returns zero.

If the function succeeds, it returns one of the following values.

Return codeDescription

Indicates a user has logged on.


Indicates the logged attempt was unsuccessful or canceled.


Indicates the user requested that the system be shut down.



Before calling WlxLoggedOutSAS, Winlogon sets the desktop state so that the current desktop is the Winlogon desktop and sets the workstation state so that the desktop is locked.

Do not activate the user shell program in WlxLoggedOutSAS. The user shell program should always be activated in WlxActivateUserShell.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

End of client support

Windows XP

End of server support

Windows Server 2003



See also