After installation of Aloaha Smart Login, several credential providers are available to logon from the Windows logon user interface. This article explains how to hide certain credential providers from the Windows logon user interface via group policy. If you want to configure Aloaha to hide automatically other credential provider please have a look at: http://blog.aloaha.com/2012/08/14/aloaha-smartlogin-ini-settings/
This way, you can ensure that only the Aloaha credential provider is available for logon.
What To Do
To hide the Microsoft Windows 7 default credential providers after installation of Aloaha, a Windows Group Policy setting has to be configured, using either the local group policy editor (gpedit.msc) or the group policy management console (gpmc.msc).
Modify an existing group policy or create a new one and navigate to the “Exclude credential providers” setting:
Computer Configuration | Policies | Administrative Templates | System | Logon | Exclude credential providers.
Open the properties of the group policy setting, set the policy to “Enabled”
Use the “Exclude the following credential providers” field to exclude specific credential providers. Enter the comma separated-CLSIDs for multiple credential providers to be excluded from use during the authentication process.
If you just want to hide a certain credential provider, the following is a list of default Windows 7 credential providers CLSIDs:
Credential Provider,CLSID
- GenericProvider, {25CBB996-92ED-457e-B28C-4774084BD562}
- NPProvider, {3dd6bec0-8193-4ffe-ae25-e08e39ea4063}
- VaultCredProvider, {503739d0-4c5e-4cfd-b3ba-d881334f0df2}
- PasswordProvider, {6f45dc1e-5384-457a-bc13-2cd81b0d28ed}
- Password Provider\LogonPasswordReset, {8841d728-1a76-4682-bb6f-a9ea53b4b3ba}
- Smartcard Credential Provider, {8bf9a910-a8ff-457f-999f-a5ca10b4a885}
- Smartcard Pin Provider, {94596c7e-3744-41ce-893e-bbf09122f76a}
- WinBio Credential Provider, {AC3AC249-E820-4343-A65B-377AC634DC09}
- CertCredProvider, {e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
On a system with Aloaha installed, all other credential providers may be hidden using the following string:
{25CBB996-92ED-457e-B28C-4774084BD562},{3dd6bec0-8193-4ffe-ae25-e08e39ea4063},{503739d0-4c5e-4cfd-b3ba-d881334f0df2},{6f45dc1e-5384-457a-bc13-2cd81b0d28ed},{8841d728-1a76-4682-bb6f-a9ea53b4b3ba},{8bf9a910-a8ff-457f-999f-a5ca10b4a885},{94596c7e-3744-41ce-893e-bbf09122f76a},{AC3AC249-E820-4343-A65B-377AC634DC09},{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
After applying the setting, only the Aloaha credential provider is shown during the authentication process.
To check for additionally installed 3rd party credential providers, open up the registry on the Windows 7 machine and browse to following location: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers]. Check for any 3rd party credential provider you want to hide and write down the providers CLSID. Configure the CLSID in the above mentioned group policy to hide the 3rd party credential provider.
Note:
Hiding credential providers via group policy also applies to UAC and RunAs authentication dialog boxes.
Make sure you unhide the hidden credential providers again if you plan to remove Aloaha from your system. If you leave them hidden, following removal of Aloaha, the Windows Logon User Interface does not provide you with a credential provider to authenticate, and the Windows credential providers remain hidden.
Hiding credential providers via group policy also applies to UAC and RunAs authentication dialog boxes.
If you need more information or guidance, then please contact technical support at info@aloaha.com
January 28th, 2013 on 2:18 am
Please also have a look at:
http://blog.aloaha.com/2013/01/28/how-to-filter-credential-providers-from-the-windows-logon-user-interface-using-aloahas-credential-provider-filter/