pGina pgSMB2 Plugin Documentation

How it Works


The pgSMB2 plugin is a clone of the pGina 1.x pgFTP plugin. Its purpose is to implement a roaming profile stored in a compressed file on an SMB server.

What is this good for?

The main problem is the unreliable Windows built-in roaming. There is no guarantee that a user profile is entirely uploaded to the server, especially on slow network connections. That doesn't matter if users always use the same machine, but if they don't, you run into a problem. This plugin makes sure that profiles are uploaded to and downloaded from the server, and if there is an error a mail is sent to an administrator.

What's going on?

As soon as a user has logged off, even if he/she chose to shut down, the profile is compressed and uploaded to an SMB share. When someone tries to log on, the profile is decompressed locally on the station and winlogon.exe continues the logon process.


Windows 8 and 10

There is a bug in Windows 8 and 10 related to long login delays. As you can imagine, extracting a profile from a remote source can take a while, but that bug prevents a successful logon.

Issue 32

Another problem arises with “Fast Startup”. If a user selects shutdown from the Start menu, the system is put into hibernation and there is no way to prevent it. As a result the user profile can't be uploaded.

To disable “Fast Startup”, run:

reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled /t REG_DWORD /d 0 /f

Gateway Stage

In the gateway stage the plugin creates the user on the local system and keeps track of this user by the profile description “pGina created pgSMB2”. It then extracts the compressed profile from the SMB share *, adapts the ACL to fit the new user SID and lets Windows do the rest. If the user doesn't pass the gateway stage, he/she is still able to log in but will receive a temporary profile. This is not a Windows temp profile; he/she gets a new user profile. You can detect such a profile by calling:

net user %username% | find /I "pGina created pgSMB2 tmp" && @echo I'm a temp user

Such a user receives “pGina created pgSMB2 tmp” as the description instead of “pGina created pgSMB2”, and a profile marked tmp in this way is excluded from the profile upload procedure.
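The two checks above (the HiberbootEnabled value and the “pGina created pgSMB2 tmp” description) can be combined into one workstation audit. This is an added example, not part of the pGina documentation or code; the function names are hypothetical, and it assumes Windows PowerShell 5.1 or later (for Get-LocalUser) in an elevated session.

```powershell
# Added example (not part of pGina): audit one workstation for the two pgSMB2
# conditions described on this page. Function names are hypothetical.
# Assumes Windows PowerShell 5.1+ (Get-LocalUser) in an elevated session.

$PowerKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
$Marker    = 'pGina created pgSMB2'      # description set in the gateway stage
$TmpMarker = 'pGina created pgSMB2 tmp'  # description of a temporary profile

function Get-FastStartupState {
    # 0 = off (the value this page sets); any other value is reported as Enabled;
    # an absent key or value is reported as NotSet rather than guessed
    $prop = Get-ItemProperty -Path $PowerKey -Name HiberbootEnabled -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotSet' }
    if ($prop.HiberbootEnabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-PgSmb2Account {
    # Case-insensitive substring match, like the "find /I" check on this page
    Get-LocalUser |
        Where-Object { $_.Description -like "*$Marker*" } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.Name
                Sid       = $_.SID.Value
                Temporary = $_.Description -like "*$TmpMarker*"
                LastLogon = $_.LastLogon
            }
        }
}

$state    = Get-FastStartupState
$accounts = @(Get-PgSmb2Account)
$tmp      = @($accounts | Where-Object Temporary)

"Fast Startup: $state"
if ($state -ne 'Disabled') {
    Write-Warning 'Fast Startup is not disabled; a shutdown may hibernate and skip the profile upload.'
}
$accounts | Format-Table -AutoSize
if ($tmp.Count -gt 0) {
    Write-Warning "$($tmp.Count) tmp-marked account(s), excluded from upload: $($tmp.Name -join ', ')"
}
```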

If there is a problem during the gateway stage, the plugin will retry as often as you specified in the configuration. If the procedure fails, an email is sent to the global mail addresses you've entered in the pGina configuration UI.



If the user still owns a local profile, like after a BSOD, the plugin will check the timestamps of the local user's ntuser.dat and the remote %f (Filename). If ntuser.dat is newer (UTC) than the remote %f, the profile won't be downloaded.


Notification

The login script is triggered by the login event received from the pGina service. The max profile space value is also applied in this stage.

The logoff procedure is triggered by a logoff event. First a new thread is created, then this thread waits until the user has logged off. Once that has happened, the profile is compressed and pushed to an SMB share. The plugin keeps a backup of the older profile on the share, called %f.bak (Filename). If there is a problem during compressing or pushing, the plugin will retry as often as you specified in the configuration. If the procedure fails, an email is sent to the mail addresses you've entered in the pGina configuration UI. If the error occurred during the file upload, the compressed profile stays stored at %d (TempComp) under the name %f (Filename).

Configuration


Roaming Profile

User