This policy setting allows the administrator to exclude the specified credential providers from use during logon.
If this policy is set to Enabled, an administrator can specify the CLSIDs of the credential providers to exclude from the set of installed credential providers available for logon purposes.
For example: Windows Password and Smartcard Credential Provider can be excluded from the login interface using the following string:
For Windows 8, Windows Server 2012 or above: {60b78e88-ead8-445c-9cfd-0b87f74ea6cd},{8FD7E19C-3BF7-489B-A72C-846AB3678C96}
For Windows 7, Windows Server 2008: {6f45dc1e-5384-457a-bc13-2cd81b0d28ed},{8bf9a910-a8ff-457f-999f-a5ca10b4a885}
The pre-filled value will exclude the Windows Password and Windows Live ID credential providers for all platforms:
{60b78e88-ead8-445c-9cfd-0b87f74ea6cd},{6f45dc1e-5384-457a-bc13-2cd81b0d28ed},{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}
To check for the list of installed credential providers, open up the registry and browse to following location:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers]
If this policy is disabled or not configured, only the Windows Password credential provider will be excluded by default.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\DirectAuthorize\Agent |
Value Name | ExcludedCredProviders |
Value Type | REG_SZ |
Default Value | {60b78e88-ead8-445c-9cfd-0b87f74ea6cd},{6f45dc1e-5384-457a-bc13-2cd81b0d28ed},{F8A0B131-5F68-486c-8040-7E8FC3C85BB6} |