mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
215 lines
11 KiB
Markdown
215 lines
11 KiB
Markdown
---
|
|
title: ADMX_CredentialProviders Policy CSP
|
|
description: Learn more about the ADMX_CredentialProviders Area in Policy CSP.
|
|
ms.date: 08/06/2024
|
|
---
|
|
|
|
<!-- Auto-Generated CSP Document -->
|
|
|
|
<!-- ADMX_CredentialProviders-Begin -->
|
|
# Policy CSP - ADMX_CredentialProviders
|
|
|
|
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
|
|
|
|
<!-- ADMX_CredentialProviders-Editable-Begin -->
|
|
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
|
<!-- ADMX_CredentialProviders-Editable-End -->
|
|
|
|
<!-- AllowDomainDelayLock-Begin -->
|
|
## AllowDomainDelayLock
|
|
|
|
<!-- AllowDomainDelayLock-Applicability-Begin -->
|
|
| Scope | Editions | Applicable OS |
|
|
|:--|:--|:--|
|
|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
|
|
<!-- AllowDomainDelayLock-Applicability-End -->
|
|
|
|
<!-- AllowDomainDelayLock-OmaUri-Begin -->
|
|
```Device
|
|
./Device/Vendor/MSFT/Policy/Config/ADMX_CredentialProviders/AllowDomainDelayLock
|
|
```
|
|
<!-- AllowDomainDelayLock-OmaUri-End -->
|
|
|
|
<!-- AllowDomainDelayLock-Description-Begin -->
|
|
<!-- Description-Source-ADMX -->
|
|
This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off.
|
|
|
|
- If you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
|
|
|
|
- If you disable this policy setting, a user can't change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off.
|
|
|
|
- If you don't configure this policy setting on a domain-joined device, a user can't change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off.
|
|
|
|
- If you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
|
|
<!-- AllowDomainDelayLock-Description-End -->
|
|
|
|
<!-- AllowDomainDelayLock-Editable-Begin -->
|
|
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
|
<!-- AllowDomainDelayLock-Editable-End -->
|
|
|
|
<!-- AllowDomainDelayLock-DFProperties-Begin -->
|
|
**Description framework properties**:
|
|
|
|
| Property name | Property value |
|
|
|:--|:--|
|
|
| Format | `chr` (string) |
|
|
| Access Type | Add, Delete, Get, Replace |
|
|
<!-- AllowDomainDelayLock-DFProperties-End -->
|
|
|
|
<!-- AllowDomainDelayLock-AdmxBacked-Begin -->
|
|
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
|
|
|
|
**ADMX mapping**:
|
|
|
|
| Name | Value |
|
|
|:--|:--|
|
|
| Name | AllowDomainDelayLock |
|
|
| Friendly Name | Allow users to select when a password is required when resuming from connected standby |
|
|
| Location | Computer Configuration |
|
|
| Path | System > Logon |
|
|
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
|
|
| Registry Value Name | AllowDomainDelayLock |
|
|
| ADMX File Name | CredentialProviders.admx |
|
|
<!-- AllowDomainDelayLock-AdmxBacked-End -->
|
|
|
|
<!-- AllowDomainDelayLock-Examples-Begin -->
|
|
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|
|
<!-- AllowDomainDelayLock-Examples-End -->
|
|
|
|
<!-- AllowDomainDelayLock-End -->
|
|
|
|
<!-- DefaultCredentialProvider-Begin -->
|
|
## DefaultCredentialProvider
|
|
|
|
<!-- DefaultCredentialProvider-Applicability-Begin -->
|
|
| Scope | Editions | Applicable OS |
|
|
|:--|:--|:--|
|
|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
|
|
<!-- DefaultCredentialProvider-Applicability-End -->
|
|
|
|
<!-- DefaultCredentialProvider-OmaUri-Begin -->
|
|
```Device
|
|
./Device/Vendor/MSFT/Policy/Config/ADMX_CredentialProviders/DefaultCredentialProvider
|
|
```
|
|
<!-- DefaultCredentialProvider-OmaUri-End -->
|
|
|
|
<!-- DefaultCredentialProvider-Description-Begin -->
|
|
<!-- Description-Source-ADMX -->
|
|
This policy setting allows the administrator to assign a specified credential provider as the default credential provider.
|
|
|
|
- If you enable this policy setting, the specified credential provider is selected on other user tile.
|
|
|
|
- If you disable or don't configure this policy setting, the system picks the default credential provider on other user tile.
|
|
|
|
> [!NOTE]
|
|
> A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
|
|
<!-- DefaultCredentialProvider-Description-End -->
|
|
|
|
<!-- DefaultCredentialProvider-Editable-Begin -->
|
|
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
|
<!-- DefaultCredentialProvider-Editable-End -->
|
|
|
|
<!-- DefaultCredentialProvider-DFProperties-Begin -->
|
|
**Description framework properties**:
|
|
|
|
| Property name | Property value |
|
|
|:--|:--|
|
|
| Format | `chr` (string) |
|
|
| Access Type | Add, Delete, Get, Replace |
|
|
<!-- DefaultCredentialProvider-DFProperties-End -->
|
|
|
|
<!-- DefaultCredentialProvider-AdmxBacked-Begin -->
|
|
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
|
|
|
|
**ADMX mapping**:
|
|
|
|
| Name | Value |
|
|
|:--|:--|
|
|
| Name | DefaultCredentialProvider |
|
|
| Friendly Name | Assign a default credential provider |
|
|
| Location | Computer Configuration |
|
|
| Path | System > Logon |
|
|
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
|
|
| ADMX File Name | CredentialProviders.admx |
|
|
<!-- DefaultCredentialProvider-AdmxBacked-End -->
|
|
|
|
<!-- DefaultCredentialProvider-Examples-Begin -->
|
|
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|
|
<!-- DefaultCredentialProvider-Examples-End -->
|
|
|
|
<!-- DefaultCredentialProvider-End -->
|
|
|
|
<!-- ExcludedCredentialProviders-Begin -->
|
|
## ExcludedCredentialProviders
|
|
|
|
<!-- ExcludedCredentialProviders-Applicability-Begin -->
|
|
| Scope | Editions | Applicable OS |
|
|
|:--|:--|:--|
|
|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19041.1202] and later <br> ✅ Windows 10, version 20H2 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 with [KB5005101](https://support.microsoft.com/help/5005101) [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
|
|
<!-- ExcludedCredentialProviders-Applicability-End -->
|
|
|
|
<!-- ExcludedCredentialProviders-OmaUri-Begin -->
|
|
```Device
|
|
./Device/Vendor/MSFT/Policy/Config/ADMX_CredentialProviders/ExcludedCredentialProviders
|
|
```
|
|
<!-- ExcludedCredentialProviders-OmaUri-End -->
|
|
|
|
<!-- ExcludedCredentialProviders-Description-Begin -->
|
|
<!-- Description-Source-ADMX -->
|
|
This policy setting allows the administrator to exclude the specified credential providers from use during authentication.
|
|
|
|
Note credential providers are used to process and validate user credentials during logon or when authentication is required.
|
|
|
|
Windows Vista provides two default credential providers:
|
|
|
|
Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication).
|
|
|
|
- If you enable this policy, an administrator can specify the CLSIDs of the credential providers to exclude from the set of installed credential providers available for authentication purposes.
|
|
|
|
- If you disable or don't configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes.
|
|
<!-- ExcludedCredentialProviders-Description-End -->
|
|
|
|
<!-- ExcludedCredentialProviders-Editable-Begin -->
|
|
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
|
<!-- ExcludedCredentialProviders-Editable-End -->
|
|
|
|
<!-- ExcludedCredentialProviders-DFProperties-Begin -->
|
|
**Description framework properties**:
|
|
|
|
| Property name | Property value |
|
|
|:--|:--|
|
|
| Format | `chr` (string) |
|
|
| Access Type | Add, Delete, Get, Replace |
|
|
<!-- ExcludedCredentialProviders-DFProperties-End -->
|
|
|
|
<!-- ExcludedCredentialProviders-AdmxBacked-Begin -->
|
|
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
|
|
|
|
**ADMX mapping**:
|
|
|
|
| Name | Value |
|
|
|:--|:--|
|
|
| Name | ExcludedCredentialProviders |
|
|
| Friendly Name | Exclude credential providers |
|
|
| Location | Computer Configuration |
|
|
| Path | System > Logon |
|
|
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
|
|
| ADMX File Name | CredentialProviders.admx |
|
|
<!-- ExcludedCredentialProviders-AdmxBacked-End -->
|
|
|
|
<!-- ExcludedCredentialProviders-Examples-Begin -->
|
|
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|
|
<!-- ExcludedCredentialProviders-Examples-End -->
|
|
|
|
<!-- ExcludedCredentialProviders-End -->
|
|
|
|
<!-- ADMX_CredentialProviders-CspMoreInfo-Begin -->
|
|
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
|
|
<!-- ADMX_CredentialProviders-CspMoreInfo-End -->
|
|
|
|
<!-- ADMX_CredentialProviders-End -->
|
|
|
|
## Related articles
|
|
|
|
[Policy configuration service provider](policy-configuration-service-provider.md)
|