How to disable additional credential providers RRS feed

  • General discussion

  • Scenario:

    Credential providers are in-process COM objects that are used to collect credentials and run in local system context. They are used to process and validate user credentials during logon or when authentications is required. For more information, please refer to this article Windows Interactive Logon Architecture.

    When users logon, there might be duplicate input boxes that need to input the credentials more than once on the logon screen, or there might be no place to sign in with the password, only displaying the smart card logon.

    The cause of these symptoms is likely to be the multiple credential providerswhich are usually caused by some third-party software. This article describes how to resolve this kind of issues.


    In order to solve the above issue, we should disable the additional credential providers.

    Step One: Check if the cause is multiple credential providers.

    1. Check the credential provider and find its CLSID used by last logged on. Open Registry Editor, and then navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI. On the right side, navigate to the String Value LastLoggedOnProvider whose data is the CLSID of credential provider, as shown in the figure below.
    2. Check Microsoft built-in credential providers. Boot into safe mode which would only load the built-in credential provider, and redo step 1.
    3. Check if the two CLSIDs in step 1 and 2 are the same. If not, we could disable the additional credential provider to solve this issue.

    Step Two: Disable the additional credential provider.

    Method 1: Using Group Policy.

    1. Open local Group Policy editor, navigate to Computer Configuration -> Administrative Templates -> System -> Logon, and then find the policy Exclude credential providers on the right side.
    2. Right Click Exclude credential providers, click Edit, click Enabled and enters the comma-separated CLSID which to exclude multiple credential providers during authentication.
    3. Click OK to save the changes.

    Method 2: Using Registry.

    1. Open Registry Editor , then Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
    2. Right click on the CLSID of the provider, select New -> DWORD (32-bit) Value, then enter the value name to Disabled, after that modify the value data to 1.
    3. The provider will be disabled on the next session which is created during log off, switch user, or reboot.

    Note: Credential providers are all defined in the following registry key with related CLSID: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.

    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Wednesday, October 15, 2014 6:51 AM

All replies

  • Hello.
    I'm having a problem with Windows 10 Spotlight not working, and I read that multiple credential providers might be the issue. I've logged on in safe mode and in regular mode and found that the data values of LastLoggedProvider differ between those modes. However, after right clicking on LastLoggedOnProvider, the menu does not give me the selection New, and I therefore have no idea how to fix this. I only get the selections Change..., Change binary data..., Delete and Rename. I also have never heard of Group Policy, and can't find it in my computer.
    Wednesday, March 16, 2016 4:27 PM
  • Buy Bagek shirts
    Monday, April 27, 2020 6:27 PM