Forum Discussion
Deleted
Jan 25, 2018
Disable Windows automatic redeployment at logon screen
Looking for a way to disable the automatic redeployment screen from ever showing up. I have been unable to find a GPO, registry setting, DISM or PowerShell command that can do this. It is a scree tha...
michael miller
Mar 27, 2018 Copper Contributor
We called Imprivata. The first guy we got didn't know anything about what we were talking about, and told us it was a Microsoft Windows 10 problem (well, sure -- but it is being planted by Imprivata).
We called 30 minutes later, after we discovered that it was only happening on Imprivata 5.4 and higher (and not 5.3).
They have internal KB articles that they don't share with the world. Here's the answer to this problem according to their internal KB:
----------------------------------------------
ONE-SIGN AGENT ENABLES WINDOWS REDEPLOYMENT FEATURE ON ENDPOINTS THAT HAVE WINDOWS 10 1709 INSTALLED: (DEFECT #SER-4807)
1.) Run Regedit on the Windows 10 Endpoint.
2.) Navigate to [HKLM]\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
3.) Rename “Wrapper for Automatic Redeployment Credential Provider” with the following GUID {11660363-49E2-4F87-AB2E-FD210019AE88} by adding an "_" at the front so the string should look like this:
_{11660363-49E2-4F87-AB2E-FD210019AE88}
This will prevent the issue from happening. Now you can reboot the Windows 10 machine and the redeployment option will not come back.
If the above workaround does not resolve the issue then follow the workaround below, but this should not be necessary:
After installing the Agent, but before rebooting* (do not allow the installer to reboot yet), rename the whole registry key:
{11660363-49E2-4F87-AB2E-FD210019AE88}
to something else. Then reboot, and you should not be forced into Windows Automatic Redeployment.
Here is the key, as originally installed by the Agent:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{11660363-49E2-4F87-AB2E-FD210019AE88}]
@="OneSign Wrapper for Automatic Redeployment Credential Provider"
"WrappedCLSID"="{01A30791-40AE-4653-AB2E-FD210019AE88}"
-------------------------------------------------------
We deployed this change as an Update via GPO Local Machine registry.
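The rename step from the KB text above, written as a script for endpoints where hand-editing in Regedit is not practical. This is an added example, not Imprivata's or the poster's code; the key path, GUID and display name come from the post, and the handling of a stale renamed copy is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example (not Imprivata's or the poster's code). The key path, GUID and
# display name are the ones quoted in the post above.
[CmdletBinding(SupportsShouldProcess)]
param()

$base     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$guid     = '{11660363-49E2-4F87-AB2E-FD210019AE88}'
$expected = 'Wrapper for Automatic Redeployment Credential Provider'
$active   = "$base\$guid"
$renamed  = "$base\_$guid"

if (-not (Test-Path -LiteralPath $active)) {
    if (Test-Path -LiteralPath $renamed) {
        Write-Output "Already renamed: _$guid"
    } else {
        Write-Output "Key $guid is not registered; nothing to do."
    }
    return
}

# Refuse to touch the key unless its default value names the wrapper provider.
$key     = Get-Item -LiteralPath $active
$name    = $key.GetValue('')
$wrapped = $key.GetValue('WrappedCLSID')
$key.Close()   # release the handle before renaming
if ($name -notlike "*$expected") {
    throw "Default value of $guid is '$name'; expected '$expected'. Not renaming."
}
Write-Output "Found '$name' wrapping $wrapped"

# Assumption: if a previously renamed copy is still present (the key was
# registered again after an earlier rename), drop the stale copy so the
# rename below can succeed.
if (Test-Path -LiteralPath $renamed) {
    Remove-Item -LiteralPath $renamed -Recurse
}

Rename-Item -LiteralPath $active -NewName "_$guid"
if ($WhatIfPreference) { return }   # dry run: nothing was changed

if (Test-Path -LiteralPath $active) {
    throw "Rename failed: $active still exists."
}
Write-Output "Renamed to _$guid; reboot for the logon screen to pick up the change."
```

Running it with `-WhatIf` lists the delete and rename it would perform without changing the registry.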
Frank Coniglio
May 19, 2018 Copper Contributor
Thanks Michael. I pasted the first part of your message that worked for me. The one comment I would make is that I don’t think the key existed until I loaded the Imprivata software. Then, when it asked to reboot I did the registry edit. I am perplexed why there aren’t more complaints on the web about this issue.
Thanks again.
----------------------------------------------
ONE-SIGN AGENT ENABLES WINDOWS REDEPLOYMENT FEATURE ON ENDPOINTS THAT HAVE WINDOWS 10 1709 INSTALLED: (DEFECT #SER-4807)
1.) Run Regedit on the Windows 10 Endpoint.
2.) Navigate to [HKLM]\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
3.) Rename “Wrapper for Automatic Redeployment Credential Provider” with the following GUID {11660363-49E2-4F87-AB2E-FD210019AE88} by adding an "_" at the front so the string should look like this:
_{11660363-49E2-4F87-AB2E-FD210019AE88}
This will prevent the issue from happening. Now you can reboot the Windows 10 machine and the redeployment option will not come back
R D
Jul 16, 2018 Copper Contributor
I just wanted to add a note that according to Imprivata's knowledgebase this issue has been corrected in Imprivata OneSign 5.5 SP1. So you can either upgrade to that version or apply the registry key workaround. If you have access to Imprivata's knowledgebase the relevant article is https://impr.force.com/NewCommunityArticleView?url=kAA410000008ONMGA2