New Features and/or Functional Changes: • Extended Active Directory LDAP Support.   - Authentication including support for password policy messages.   - Password change; this requires a communication to the Active Directory over LDAPS. For this to work, in the AD domain the      "Certificate Services " must be installed.   - group memberships using the new group type 0x10.   - Referrals Support. This can be controlled by the new configuration parameter: DWORD:„LDAPServer\followReferrals“=1. ValueFunction 0x0  Referrals are not tracked 0x1  Referrals are tracked 0x20 CHASE_SUBORDINATE_REFERRALS 0x40 CHASE_SUBORDINATE_REFERRALS • Muliple LDAP-Server configuration support for failover function. This allows a completely separate configuration for each ldap server. The parameter DWORD:“LDAPServer\priority“=0 defines the priority of the servers. A small value defines a high priority. There must always be only one server with a specific priority value. If only one LDAP server is defined, the value “failover hostâ€� can still be used for compatibility reasons.

Bug Fix:

• A problem with the setting „LDAPGroupTypes“=ibm-allGroups (0x8) was solved.



Comtarsia SignOn Solutions 2008
(June, 18th 2010)

Build 5.0.21.X

Bug Fix:

• An error in the installation program of Build 5.0.20.4 was fixed!!

• The ComtRPC Service readiness timout has been increased from 40 to 90 seconds. On very slow computers at boot time the 40 seconds timeout was too short and caused this error message � ComtRPCSrv" service ist not running!!�



Comtarsia SignOn Solutions 2008
(June, 15th 2010)

Build 5.0.20.X

New Features and/or Functional Changes:

• Function Quick Logon:
A login attempt with pre-defined credentials is performed through an additional selection option on the login dialog.
The parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\EnableQuickLogon =1 (Default:0) enables the function.
The parameter REG_SZ HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\QuickLogonButtonCaption defines the alternative button caption.
The parameter REG_SZ HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\QuickLogonUser defines the user name.
The parameter REG_SZ HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\QuickLogonPassword defines the password.
The Parameter REG_SZ HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\QuickLogonDomain defines the Domain.
For logon with a pre-defined local user account the string "local" must be defined as QuickLogonDomain.


• Autologon with Winlogon Credentials:
In case Winlogon autologon credentials are defined by following paramters: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
DefaultUserName"="Name"
"DefaultPassword"="passwort"
"AutoAdminLogon"="1"
(optional key: "ForceAutoLogon"="1" to perform a autologon after logoff)
the Microsoft Credential Provider is not filtered out so that the Auto Logon function can perform.


• With the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Language (default:English)=“ Italian“ the logon clients switch to Language ID 0x10 = Italian.

Special Thanks for translation, Giovanni Sabatini - University of Perugia - Italy!



Comtarsia SignOn Solutions 2008
(May, 5th 2010)

Build 5.0.18.X

New Features and/or Functional Changes:

• The parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAP\__LDAPSERVER__\ignoreNoUniqueUser=1 (Default:0) lets a user log on, even if they aren’t unique in the directory. The Logon Client will use the first DN of the search result. This option is only in effect if the “UserDN Mode�: “Search for User� is in use. It’s strongly recommended NOT to use this option.

• The parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAP\__LDAPSERVER__\ignoreNoUniqueUser=1 (Default:0) specifies that, for a „UserDN Mode“: „Search for User“-configuration, the search will continue on the failover LDAP server if the LDAP user wasn’t found on the primary LDAP server. It’s strongly recommended NOT to use this option.


Bug Fix:

• In EnableWkstLogonPolicy=1 mode and OFFLINE logon the desktop unlock was not possible.



Comtarsia SignOn Solutions 2008
(April, 27th 2010)

Build 5.0.17.X

New Features and/or Functional Changes:

• Failover LDAP Server:
With the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAP\__LDAPSERVER__\failoverHost=““ a failover LDAP-Server are defined, which is used when the primary LDAP-Server is unreachable.

• Function Log to Syslog:
The parameter
REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Log\SysLog\host
defines the syslog server.

The parameter
DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Log\SysLog\facility (default:10 )
defines the syslog facility.

The parameter
DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Log\SysLog\logDetails (default:0)
Defines the log details:
logDetails = 0x0 = no log details (recommended for centralized logging)
logDetails = 0x1 = Date/Time
logDetails = 0x4 = Prozess and Thread IDs
logDetails = 0x8 = Source Postion
logDetails = 0xFFFFFFFF = All Details

The parameter
DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Log\SysLog\logLevel
defines the log level:
logLevel = 0x1 = Error (recommended for centralized logging)
logLevel = 0x2 = Exception + logLevel 0x1
logLevel = 0x3 = Warning + logLevel 0x2
logLevel = 0x4 = Information + logLevel 0x3
logLevel = 0x5 = Message + logLevel 0x4



The parameter
DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Log\SysLog\host\logMask
defines the log maks for addional detailed log messages:

logMask = 0x4000000 – Monitor (recommended for centralized logging)


Bug Fix:

• An error in the LDAP Posix groups has been fixed. The group search has used the full user DN instead of the UID.

• An Error in the „sambaLMPassword“-Algorithm has been fixed.



Comtarsia SignOn Solutions 2008
(April, 15th 2010)

Build 5.0.16.X

New Features and/or Functional Changes:

• On each successful LDAP authentication and LDAP password change the specific Samba user information (Samba password hash) can be set automatically.
The parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAPSetPasswordAsSambaPassword (Default=0)
defines following Bit-mask
o 1: „sambaLMPassword“ is set
o 2: „sambaNTPassword“ is set
o 4: „sambaPwdLastSet“ is set

• User credentials (user and password) which are send with a RDP connection triggers a LDAP auto logon during the session establishment.
For RDP-Clients 6.0 or higher following parameters in the .rdp file are required:
enablecredsspsupport:i:0
prompt for credentials:i:1

• With the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Language (default:English)=“French“ the logon clients switch to Language ID 0x0c = French.

Special Thanks for translation, Didier Rogues, Limoges University, France!


Comtarsia SignOn Solutions 2008
(April, 14th 2010)

Build 5.0.15.X

Internal Build!


Comtarsia SignOn Solutions 2008
(March, 24th 2010)

Build 5.0.14.X

New Features and/or Functional Changes:

• The parameter REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\MinPwdLen (default:0) defines the minimum passwort lenght for password change and LDAP Logon.

• With the registry setting REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonClient\RemoveUser = 3 (0x1 User Account + 0x2 Profile)(default:0) the local user account and profile will be deleted during log-off. This option only affects local users which have been created by the Comtarsia Logon Client during an LDAP logon. (Those users have the user description set to "SERV_TEMP_USER".)
To have a similar functionality for domain users, the following Windows Policy can be used: REG_DWORD:HKLM\Software\Policies\Microsoft\Windows\System\DeleteRoamingCache = 1


Bug Fix:

• A logic error in the function „SearchForUser“ has been corrected. The object class „person“ instead of the defined user object class has been used.


Comtarsia SignOn Solutions 2008
(March, 10th 2010)

Build 5.0.13.X

New Features and/or Functional Changes:

• With the regsitry setting REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\language= „auto“ (default = “auto�), the logon client switches to the system-language automatically.
Is no language for the system-language available, the logon client switches to language-ID 0x9 = English.


Bug Fix:

• A logic error in the local group mapping function and in local user mode has been corrected.
In certain circumstances the local group mapping function has skipped the DefaultEveryoneGroup and DefaultNoGroup parameter.
In case of a password change process during the logon process, the local user has been removed from all local groups.

Comtarsia SignOn Solutions 2008
(March, 1st 2010)

Build 5.0.12.X

New Features and/or Functional Changes:

• The parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\LogonInformationText defines an alternate text which appears when the user clicks on the 'Information'-Link on the logon screen. This can be used to provide information’s like the phone number of a support line, or procedures to follow, if the user can't log on. If this value is empty, a generic default text will be used.

• Starting from this build CAFLP license keys are supported.

• Extension of the function “Workstation Logon Policy“: Via the parameter, REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\WkstLogonPolicyRetryTimer (default = 60 /1 Minute) the time interval (in seconds) for an automatically retry to retrieve the OU information’s from the AD domain controller can be set. This retry is done in background, and by success the Combo-Box in the logon dialog is refreshed automatically.

Bug Fix:

• A logic error has been corrected, which caused a sync request at local workstation unlock.

• A time-out problem in the module ComMSSO was fixed. At fist logon, the initializing of the user profile causes to a delay of some COM-classes registration which are used by the ComMSSO module. Error message: 80040154

• A Installer problem on 64 Bit Platforms was fixed.

Comtarsia SignOn Solutions 2008
(Jannuary, 7th 2010)

Build 5.0.11.X

New Features and/or Functional Changes:

• New function „HWADMIN“: The parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Group\HWAdminAttribute defines the name of the LDAP users object attribute which is maintaining a list of computer names for which the HWAdmin right is possible.
The parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Group\HWAdminGroup defines the LDAP group with which the user must be a memper, so that the HWAdmin is possible.
If both criteria are fulfilled, the Windows user becomes user member of the local administrators group. The name of the local administrators group must be defined over this parameter:REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Group\LocalAdminGroup

• If REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Scripts\NoScriptByCachedCredLogon = 1 by cached credential logon (offline logon) the logon and logoff scripts are not executed.

• With the paramater REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\EnableWkstLogonPolicy= 1 the function Workstation Logon Policy is enabled.
Each time on logon panel initialization the logon client tries to retrieve the OU in which the workstation is located from the Active Directory Domain controller.
The root-OU’s are defined in this parameterREG_SZ: HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\ (MULTI_SZ). The sub OU’s and parallel OU’s beneath of the defined root OU’s are offered to the user for selection in the logon panel. Is the workstation already located in one of the sub OU’s this sub OU is already preselected in the list-box.
In case the inquire is not possible, e.g. no Domian Comtroller is avialable, „offlinelogon“ (cached credentials) is preselected in the list-box.
This fuction requires SignOn Gate Build 1.2.15.4 or higher with enabled Workstation OU-Move function.

• SyncClient trigger on Workstation Unlock: The bit 0x8 in the bit maske REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonClient\EnableSyncClient triggers a SyncClient reguest by workstation unlock. With the parameter REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonClient\RefreshUnlockTimer = 720 the time interval in minutes since the last successful logon is definied, within which no SycnClient request is triggered.

Comtarsia SignOn Solutions 2008
(November, 30th 2009)

Build 5.0.10.X

New Features and/or Functional Changes:

• New function „GroupFilter“:
The groupfilter defines if a LDAP group is used or not.
The groupfilter works not together with the „ibm-allGroups“ groups-attributes.
By usage of the SignOn Gates LDAP counter check also this „GroupFilter“ must be defined. Example:
o „(useThisGroup=*)“: all groups with the attribute „useThisGroup“ are used.
o „(!(dontUseThisGroup=*))“: Groups with the attribute „dontUseThisGroup“ are not used.
o „(useGroup=1)“: Groups with the value “1� of the attribute „useGroup“ are used.
„(!(useGroup=1))“: Groups with the value “1� of the attribute „useGroup“ are not used.

Comtarsia SignOn Solutions 2008
(October, 1st 2009)

Build 5.0.9.X

New Features and/or Functional Changes:

• The Installer was adapted for Windows7.

Bug Fix:

• A timing problem in Event Service was fixed.

Comtarsia SignOn Solutions 2008
(September, 24th 2009)

Build 5.0.8.X

Neue Funktionen bzw. Funktionsänderungen:

• Windows7 Support

Comtarsia SignOn Solutions 2008
(September, 18th 2009)

Build 5.0.7.X

Neue Funktionen bzw. Funktionsänderungen:

• Function „LogonAllowGroups“:
Via the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\LogonAllowGroups (REG_SZ) could be a comma-separated list of the group names be defined, in which the user must be a member at least in one group in LDAP, so that a LDAP-login is possible.
If this parameter is empty or not defined (default), a LDAP-login will be performed without verification of the groups.
Via the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\NegateLogonAllowGroups(REG_DWORD)= 1 could this list be negated, i.d. the user may be a member in none of the LDAP group from the list in LDAP. In this case is a LDAP-login possible.
Default = 0;

Function „DefaultEveryoneGroup“:
Via the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Group\DefaultEveryoneGroup (REG_SZ) could the name of the group be defined, which will be dynamically added to the group list by each LDAP login. Therewith is in the function „GroupMapping“ possible to perform a group mapping independently of the each LDAP group membership of the user.
Default = „#Everyone“

Function „DefaultNoGroup“:
Via the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Group\DefaultNoGroup (REG_SZ) could the group name be defined, which is dynamically added to the group list by the LDAP login, when the user is not a member in any LDAP group. Therewith it is possible to performe a particular group mapping in this case in the function „GroupMapping“.
Default = „#NoGroup“

Function „SearchForUser“:
Via the parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAP\SearchForUser:0
If this function is activated, the user will be seeked in LDAP before login under the BaseDN. The determined BaseDN is used then fort he login.

Function „AttributeBasedGroups“:
Via the parameter REG_MULTI_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAP\Servers\\AttributeBasedGroups=““
With this function could user groups be created dynamically from the content of user attributes.

Bug Fix:

A bug by reading of the paramenters REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\UserEnvironment\HomeDirDrive was fixed.

Comtarsia SignOn Solutions 2008
(August, 25th 2009)
Build 5.0.6.X

New Features and/or Functional Changes:

• Function „PanelBitmap“:
With the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonClient\ PanelBitmap=� C:\Program Files\Comtarsia\SignOn Solutions 2008\logon_tile.bmp“ can own Logon Client Kachel be loaded. Bitmap 128 x 128 pixel.

Comtarsia SignOn Solutions 2008
Build 5.0.5.X (April, 20th 2009)

New Features and/or Functional Changes:

• Diverse optimizations in domains performance and storage requirements
• Extended support for Novell eDirectory inclusive evaluation of the passwort policy

Bug Fix:

• A bug by LDAP passwort change was fixed, whereat the user received flase error notification due to false LDAP policy evaluation.
• A bug the SSO-functionality was fixed, whereby by the users that logged in for the first time, the SSO-process (ComtMSSO.exe) partially terminated after the startup by itself.



Comtarsia SignOn Solutions 2008
(February, 24th 2009)

Build 5.0.4.X

Bug Fix:
• A mistake by connection setup of inter-process-communication was fixed.
• The level of EventLog-entries was not set in some cases.


Comtarsia SignOn Solutions 2008
(February, 23rd 2009)

Build 5.0.3.X

• A support for the reading of the set IBM Directory Server Password Policy (IBM DS <= 6.0) as well as Effective Password Policy (IBM Ds >= 6.1) for the user object.

Bug Fix:

• A mistake by the setting of a new password after a „Change On Reset“ policy-warning was fixed.


Comtarsia SignOn Solutions 2008
(February, 3rd 2009)

Build 5.0.2.X

The first customer-build.