locked
How to set smart card as default login provider on Windows 10? RRS feed

  • Question

  • Hi,

    On Windows 7 we would set the LastLoggedOnProvider value under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData path to the smart card credential provider which is {8BF9A910-A8FF-457F-999F-A5CA10B4A885} on Windows 7. This would result in the smart card login being the default authentication method but still allow username/password login by clicking "Other Credentials".

    When we try to set LastLoggedOnProvider to {8FD7E19C-3BF7-489B-A72C-846AB3678C96} which is the new smart card credential provider value on Windows 10, it does not work.  We would like to default the credential provider to smart card instead of username/password.  We still want the username/password to be available so we don't want to completely exclude or disable the credential provider.  In Windows 7 this is relatively straightforward by using the LastLoggedOnProvider values but this does not appear to work for Windows 10.  We do not want to enable the function to remember the last logged on user account as this is prohibited by our security policy. 

    Is there any way in Windows 10 to set the default credential provider for "Other User" to smart card instead of username/password?  Right now when the OS boots up, Other User is defaulted to a username/password login.  The user has to click on the Sign-in Options and then click the Smart Card icon in order to access the smart card login screen.

    Thanks

    Josh
    Tuesday, October 27, 2015 6:37 PM

Answers

  • Well it appears that there is a group policy in Windows 10 under Computer Configuration>Administrative Templates>System>Logon, and set the value in Assign a default credential provider to {8FD7E19C-3BF7-489B-A72C-846AB3678C96} which is the smart card provider.

    This does appear to make smart card the default logon provider at the Windows 10 "Other User" screen.  The user can still click sign-in options to switch to username/password if desired.  Hope this helps somebody else for Windows 10 at least.
    Tuesday, October 27, 2015 8:51 PM

All replies

  • Well it appears that there is a group policy in Windows 10 under Computer Configuration>Administrative Templates>System>Logon, and set the value in Assign a default credential provider to {8FD7E19C-3BF7-489B-A72C-846AB3678C96} which is the smart card provider.

    This does appear to make smart card the default logon provider at the Windows 10 "Other User" screen.  The user can still click sign-in options to switch to username/password if desired.  Hope this helps somebody else for Windows 10 at least.
    Tuesday, October 27, 2015 8:51 PM
  • Hi,

    Thanks for your sharing, I just would like to share the links here to let other community member know the detailed steps:

    How to assign default Credential Provider in Windows 10
    http://www.thewindowsclub.com/assign-default-credential-provider-windows-10

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, November 2, 2015 9:36 AM
  • You can also set this directly in the registry key:

    REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\System /v DefaultCredentialProvider /t REG_SZ /d {8FD7E19C-3BF7-489B-A72C-846AB3678C96}

    Just thought I would add this for those running scripted installs to avoid opening GP editor.

    Sean

    Wednesday, April 19, 2017 1:27 PM
  • Hi,

    Can you (or someone) provide instructions on using group policy to have Windows 10 login default to the smart card reader (or present you with the smart card login when a smart card is inserted).  I read the instructions for local gpo edit, but I want to make all computers across the domain automatically present the pin challenge when a smart card is inserted (so you don't have to hit "other login options" and manually select smart card reader).  Any help is appreciated.

    CP


    Craig Patton

    Monday, August 21, 2017 12:00 PM
  • I'll assume you are using the smartcard with single sign-on, Try this. The concept isn't to set the default credential provider to the smart card, but to disable the one that Windows 10 keeps reverting back to (UserID and password + SSO). This will not disable UserID and password, only disable it in regards to SSO. Open the registry (with caution of course) navigate to the Credential providers key HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers and take a look at the first credential provider "OnexCredentialProvider". If you disable this CredProv, your system will default to the Smartcard when it's inserted. To Disable it, open the {07AA0886-CC8D-4e19-A410-1C75AF686E62} key and add a new DWORD (32-bit) value. the Value Name is Disabled and the Value Data is 1. exit and reboot.. This fixed my systems - credit goes to Evan L. at Microsoft.
    Thursday, August 24, 2017 8:46 PM
  • Has anyone been able to get this to work for Windows 10?

    I've assigned the "LastLoggedOnProvider" to the  "Assign a default credential provider" setting and yet when I restart it still defaults to User + Pass.

    Is this just a bug in windows 10 or is their a legit fix for this?

    Thanks for your time

    Ty

    Friday, October 13, 2017 11:39 AM
  • I'm having the same issue on Win10 1709

    MZ

    Tuesday, April 24, 2018 4:04 PM
  • Kate, and what about Windows 8.1.
    This solution is meant to be implemented on Windows 10 workstations, as stated in this artcle,  but our company uses several thousands of Windows 8.1 machines. (just migrated from Windows 7). I checked the registry and when i changed  the policy wich is repsonsible for this setting, the registry setting is done by the policy. But on windows 8.1 workstations nothing changes in the behavior of the logon screen :-(

    Please let me know if there is another way to accomplish this issue.

    greetz Matthijs Vossen
    Wednesday, May 8, 2019 9:01 AM