- 22 Nov 2024
Block Available Credential Providers via Group Policy
- Updated on 22 Nov 2024
When enforcing Digipass authentication with the Block weak credential providers option, certain system credential providers which are considered to be weak are actively blocked and cannot be used for authentication.
You can enable Block weak credential providers and use Windows Group Policy to block additional credential providers to ensure that only Digipass Authentication for Windows Logon is available for authentication.
Alternatively, you can enable Force Digipass authentication to effectively block any credential provider other than Digipass Authentication for Windows Logon, including customer-specific third-party credential providers!
For more information about this option, refer to the Digipass Authentication for Windows Logon User Guide.
Before you begin
Inspect the subkeys of the following registry key to verify the available credential providers:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers]
Block available credential providers via Group Policy
To block credential providers with Group Policy
- On the domain controller, start Group Policy Management by entering gpmc.msc in a command prompt.
- To create a new Group Policy Object:
  - Select the domain or organizational unit for which you want to set a Group Policy in the Group Policy management tree.
  - Select Create a GPO in this domain, and Link it here... from the context menu.
  - Enter a name for the new Group Policy Object.
- Select the relevant Group Policy Object in the tree.
  Ensure the Group Policy Object is associated with the domain, site, or organizational unit whose users will be affected by the policy.
- Select Edit... from the context menu.
  The Group Policy Object Editor is displayed.
- Navigate to Computer Configuration > Policies > Administrative Templates > System > Logon in the Group Policy Object tree and select Exclude credential providers to edit the settings:
  - Select Enabled to enable the policy setting.
  - Enter the CLSIDs for any additional credential provider you want to exclude in the Exclude the following credential providers field. To specify more than one credential provider, use a comma-separated list.
  - Click OK.
- Close Group Policy Object Editor when you have finished configuring the Group Policy Object.
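The following PowerShell script is an added example, not part of the product documentation. Run on a client workstation, it lists the credential providers registered under the key named in "Before you begin" and marks which ones the Exclude credential providers policy currently blocks. It assumes the policy is stored in the ExcludedCredentialProviders value under HKLM\SOFTWARE\Policies\Microsoft\Windows\System (the location defined by Microsoft's policy template, not stated on this page); the function names are hypothetical.

```powershell
# Added example: audit registered credential providers against the exclusion policy.
$cpKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
# Assumption: registry location written by the "Exclude credential providers" policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$policyVal = 'ExcludedCredentialProviders'

function Get-ExcludedProviderClsid {
    # Returns the CLSIDs from the policy's comma-separated list, or nothing if unset.
    $item = Get-ItemProperty -Path $policyKey -Name $policyVal -ErrorAction SilentlyContinue
    if (-not $item) { return @() }
    $item.$policyVal -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Get-CredentialProviderStatus {
    $excluded = @(Get-ExcludedProviderClsid)
    Get-ChildItem -Path $cpKey | ForEach-Object {
        $clsid = $_.PSChildName                  # subkey name is the provider CLSID
        [pscustomobject]@{
            Clsid    = $clsid
            Name     = $_.GetValue('')           # default value holds the display name
            Excluded = $excluded -contains $clsid   # -contains ignores case for strings
        }
    }
}

$status = Get-CredentialProviderStatus
$status | Sort-Object Excluded, Name | Format-Table -AutoSize

# Providers the policy does not exclude. Review this list; any CLSID to block
# goes into the policy field as part of a comma-separated list.
$remaining = @($status | Where-Object { -not $_.Excluded })
"Not excluded by policy: {0}" -f $remaining.Count
$remaining.Clsid -join ','
```

Run it once before configuring the Group Policy Object to collect the CLSIDs, and again after Group Policy has refreshed on the workstation to confirm that the intended providers show as excluded.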
Additional considerations
You need to disable this Group Policy setting before uninstalling Digipass Authentication for Windows Logon. Otherwise, the specified credential providers remain excluded, which might leave your users unable to authenticate and log on to the client workstations.