Home

Disable Windows automatic redeployment at logon screen

%3CLINGO-SUB%20id%3D%22lingo-sub-148966%22%20slang%3D%22en-US%22%3EDisable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-148966%22%20slang%3D%22en-US%22%3E%3CP%3ELooking%20for%20a%20way%20to%20disable%20the%20automatic%20redeployment%20screen%20from%20ever%20showing%20up.%20I%20have%20been%20unable%20to%20find%20a%20GPO%2C%20registry%20setting%2C%20DISM%20or%20powershell%20command%20that%20can%20do%20this.%20It%20is%20a%20scree%20that%20will%20show%20up%20once%20windows%20auto%20logon%20is%20disabled%20on%20our%20multi-user%20domain%20computers.%20The%20devices%20are%20running%201709%20(FCU)%20and%20if%20you%20click%20sign-in%20options%20it%20will%20show%20the%20normal%20login%2C%20but%20if%20you%20enter%20a%20admin%20account%20it%20will%20reset%20windows%20to%20factory.%20We%20are%20using%20SCCM%20but%20not%20Intune.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20410px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F27444i9217EFBFFE80D401%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22redeploy.JPG%22%20title%3D%22redeploy.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-216151%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-216151%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20wanted%20to%20add%20a%20note%20that%20according%20to%20Imprivata's%20knowledgebase%20this%20issue%20has%20been%20corrected%20in%20Imprivata%20OneSign%205.5%20SP1.%20So%20you%20can%20either%20upgrade%20to%20that%20version%20or%20apply%20the%20registry%20key%20workaround.%20If%20you%20have%20access%20to%20Imprivata's%20knowledgebase%20the%20relevant%20article%20is%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fimpr.force.com%2FNewCommunityArticleView%3Furl%3DkAA410000008ONMGA2%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fimpr.force.com%2FNewCommunityArticleView%3Furl%3DkAA410000008ONMGA2%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-195418%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-195418%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20Michael.%20I%20pasted%20the%20first%20part%20of%20you%20message%20that%20worked%20for%20me.%20The%20one%20comment%20I%20would%20make%20is%20that%20I%20don%E2%80%99t%20think%20the%20key%20existed%20until%20I%20loaded%20the%20Imprivata%20software.%20Then%2C%20when%20it%20asked%20to%20reboot%20I%20did%20the%20registry%20edit.%20I%20am%20perplexed%20why%20there%20isn%E2%80%99t%20more%20complaints%20on%20the%20web%20about%20this%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20again.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E----------------------------------------------%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EONE-SIGN%20AGENT%20ENABLES%20WINDOWS%20REDEPLOYMENT%20FEATURE%20ON%20ENDPOINTS%20THAT%20HAVE%20WINDOWS%2010%201709%20INSTALLED%3A%20(DEFECT%20%23SER-4807)%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E1.)%20Run%20Regedit%20on%20the%20Windows%2010%20Endpoint.%20%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E2.)%20Navigate%20to%20%5BHKLM%5D%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CAuthentication%5CCredential%20Providers%20%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E3.)%20Rename%20%E2%80%9CWrapper%20for%20Automatic%20Redeployment%20Credential%20Provider%E2%80%9D%20with%20the%20following%20GUID%20%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%7B11660363-49E2-4F87-AB2E-FD210019AE88%7D%20by%20adding%20an%20%22_%22%20at%20the%20front%20so%20the%20string%20should%20look%20like%20this%3A%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3E_%7B11660363-49E2-4F87-AB2E-FD210019AE88%7D%20%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EThis%20will%20prevent%20the%20issue%20from%20happening.%20Now%20you%20can%20reboot%20the%20Windows%2010%20machine%20and%20the%20redeployment%20option%20will%20not%20come%20back%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-191525%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-191525%22%20slang%3D%22en-US%22%3EThank%20you%20michael%20miller!%3CBR%20%2F%3EWe%20also%20have%20Imprivata.%20We%20run%205.3%20and%20also%20had%20this%20bug.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-176626%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-176626%22%20slang%3D%22en-US%22%3EWe%20called%20Imprivata.%20The%20first%20guy%20we%20got%20didn't%20know%20anything%20about%20what%20we%20were%20talking%20about%2C%20and%20told%20us%20it%20was%20a%20Microsoft%20Windows%2010%20problem%20(well%2C%20sure%20--%20but%20it%20is%20being%20planted%20by%20Imprivata).%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20called%2030%20minutes%20later%2C%20after%20we%20discovered%20that%20it%20was%20only%20happening%20on%20Imprivata%205.4%20and%20higher%20(and%20not%205.3).%3CBR%20%2F%3E%3CBR%20%2F%3EThey%20have%20internal%20KB%20articles%20that%20they%20don't%20share%20with%20the%20world.%20Here's%20the%20answer%20to%20this%20problem%20according%20to%20their%20internal%20KB%3A%3CBR%20%2F%3E----------------------------------------------%3CBR%20%2F%3EONE-SIGN%20AGENT%20ENABLES%20WINDOWS%20REDEPLOYMENT%20FEATURE%20ON%20ENDPOINTS%20THAT%20HAVE%20WINDOWS%2010%201709%20INSTALLED%3A%20(DEFECT%20%23SER-4807)%3CBR%20%2F%3E%3CBR%20%2F%3E1.)%20Run%20Regedit%20on%20the%20Windows%2010%20Endpoint.%20%3CBR%20%2F%3E2.)%20Navigate%20to%20%5BHKLM%5D%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CAuthentication%5CCredential%20Providers%20%3CBR%20%2F%3E3.)%20Rename%20%E2%80%9CWrapper%20for%20Automatic%20Redeployment%20Credential%20Provider%E2%80%9D%20with%20the%20following%20GUID%20%3CBR%20%2F%3E%7B11660363-49E2-4F87-AB2E-FD210019AE88%7D%20by%20adding%20an%20%22_%22%20at%20the%20front%20so%20the%20string%20should%20look%20like%20this%3A%3CBR%20%2F%3E%3CBR%20%2F%3E_%7B11660363-49E2-4F87-AB2E-FD210019AE88%7D%20%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20will%20prevent%20the%20issue%20from%20happening.%20Now%20you%20can%20reboot%20the%20Windows%2010%20machine%20and%20the%20redeployment%20option%20will%20not%20come%20back.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20the%20above%20workaround%20does%20not%20resolve%20the%20issue%20then%20follow%20the%20workaround%20below%2C%20but%20this%20should%20not%20be%20necessary%3A%3CBR%20%2F%3E%3CBR%20%2F%3EAfter%20installing%20the%20Agent%2C%20but%20before%20rebooting*%20(do%20not%20allow%20the%20installer%20to%20reboot%20yet)%2C%20rename%20the%20whole%20registry%20key%3A%3CBR%20%2F%3E%7B11660363-49E2-4F87-AB2E-FD210019AE88%7D%3CBR%20%2F%3Eto%20something%20else.%20Then%20reboot%2C%20and%20you%20should%20not%20be%20forced%20into%20Windows%20Automatic%20Redeployment.%3CBR%20%2F%3EHere%20is%20the%20key%2C%20as%20originally%20installed%20by%20the%20Agent%3A%3CBR%20%2F%3E%5BHKEY_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CAuthentication%5CCredential%20Providers%5C%7B11660363-49E2-4F87-AB2E-FD210019AE88%7D%5D%3CBR%20%2F%3E%40%3D%22OneSign%20Wrapper%20for%20Automatic%20Redeployment%20Credential%20Provider%22%3CBR%20%2F%3E%22WrappedCLSID%22%3D%22%3CBR%20%2F%3E%7B01A30791-40AE-4653-AB2E-FD210019AE88%7D%3CBR%20%2F%3E-------------------------------------------------------%3CBR%20%2F%3EWe%20deployed%20this%20change%20as%20an%20Update%20via%20GPO%20Local%20Machine%20registry.%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-174749%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-174749%22%20slang%3D%22en-US%22%3EAfter%20updating%20the%20BIOS%20on%20a%20Dell%20PC%20running%20W10%20Pro%20under%20Intune%20management%2C%20I%20was%20presented%20with%20the%20Redeploy%20Windows%20option%20at%20the%20login%20screen.%20It%20was%20not%20requested%20and%20not%20wanted.%20The%20PC%20is%20currently%20resetting.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-168735%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-168735%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20ran%20in%20to%20the%20same%20issue%20when%20I%20installed%20Imprivata%20Onesign%20it%20must%20have%20enabled%20the%20auto%20logon.%20I%20was%20not%20sure%20what%20had%20ha-pend%20at%20first.%20as%20soon%20as%20i%20uninstalled%20the%20software%20i%20was%20able%20to%20click%20other%20user%20to%20sign%20in%20again.%20have%20not%20found%20a%20work%20around%20yet.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-160564%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-160564%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20here%20-%20as%20soon%20as%20we%20use%20autologon%20automatic%20redeploy%20gets%20activated%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-159397%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Windows%20automatic%20redeployment%20at%20logon%20screen%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-159397%22%20slang%3D%22en-US%22%3EI%20have%20the%20exact%20same%20issue%20-%20for%20some%20reason%20the%20login%20screen%20defaults%20to%20automatically%20redeploy%20instead%20of%20user%20login.%20I%20too%20can't%20seem%20to%20figure%20out%20a%20way%20to%20get%20this%20changed.%3C%2FLINGO-BODY%3E
Deleted
Not applicable

Looking for a way to disable the automatic redeployment screen from ever showing up. I have been unable to find a GPO, registry setting, DISM or powershell command that can do this. It is a scree that will show up once windows auto logon is disabled on our multi-user domain computers. The devices are running 1709 (FCU) and if you click sign-in options it will show the normal login, but if you enter a admin account it will reset windows to factory. We are using SCCM but not Intune.

redeploy.JPG

8 Replies
I have the exact same issue - for some reason the login screen defaults to automatically redeploy instead of user login. I too can't seem to figure out a way to get this changed.

Same here - as soon as we use autologon automatic redeploy gets activated

We ran in to the same issue when I installed Imprivata Onesign it must have enabled the auto logon. I was not sure what had ha-pend at first. as soon as i uninstalled the software i was able to click other user to sign in again. have not found a work around yet.

After updating the BIOS on a Dell PC running W10 Pro under Intune management, I was presented with the Redeploy Windows option at the login screen. It was not requested and not wanted. The PC is currently resetting.
We called Imprivata. The first guy we got didn't know anything about what we were talking about, and told us it was a Microsoft Windows 10 problem (well, sure -- but it is being planted by Imprivata).

We called 30 minutes later, after we discovered that it was only happening on Imprivata 5.4 and higher (and not 5.3).

They have internal KB articles that they don't share with the world. Here's the answer to this problem according to their internal KB:
----------------------------------------------
ONE-SIGN AGENT ENABLES WINDOWS REDEPLOYMENT FEATURE ON ENDPOINTS THAT HAVE WINDOWS 10 1709 INSTALLED: (DEFECT #SER-4807)

1.) Run Regedit on the Windows 10 Endpoint.
2.) Navigate to [HKLM]\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
3.) Rename “Wrapper for Automatic Redeployment Credential Provider” with the following GUID
{11660363-49E2-4F87-AB2E-FD210019AE88} by adding an "_" at the front so the string should look like this:

_{11660363-49E2-4F87-AB2E-FD210019AE88}

This will prevent the issue from happening. Now you can reboot the Windows 10 machine and the redeployment option will not come back.

If the above workaround does not resolve the issue then follow the workaround below, but this should not be necessary:

After installing the Agent, but before rebooting* (do not allow the installer to reboot yet), rename the whole registry key:
{11660363-49E2-4F87-AB2E-FD210019AE88}
to something else. Then reboot, and you should not be forced into Windows Automatic Redeployment.
Here is the key, as originally installed by the Agent:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{11660363-49E2-4F87-AB2E-FD210019AE88}]
@="OneSign Wrapper for Automatic Redeployment Credential Provider"
"WrappedCLSID"="
{01A30791-40AE-4653-AB2E-FD210019AE88}
-------------------------------------------------------
We deployed this change as an Update via GPO Local Machine registry.
Thank you michael miller!
We also have Imprivata. We run 5.3 and also had this bug.

 

Thanks Michael. I pasted the first part of you message that worked for me. The one comment I would make is that I don’t think the key existed until I loaded the Imprivata software. Then, when it asked to reboot I did the registry edit. I am perplexed why there isn’t more complaints on the web about this issue.

 

Thanks again.

 

----------------------------------------------
ONE-SIGN AGENT ENABLES WINDOWS REDEPLOYMENT FEATURE ON ENDPOINTS THAT HAVE WINDOWS 10 1709 INSTALLED: (DEFECT #SER-4807)

1.) Run Regedit on the Windows 10 Endpoint.
2.) Navigate to [HKLM]\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
3.) Rename “Wrapper for Automatic Redeployment Credential Provider” with the following GUID
{11660363-49E2-4F87-AB2E-FD210019AE88} by adding an "_" at the front so the string should look like this:

_{11660363-49E2-4F87-AB2E-FD210019AE88}

This will prevent the issue from happening. Now you can reboot the Windows 10 machine and the redeployment option will not come back

I just wanted to add a note that according to Imprivata's knowledgebase this issue has been corrected in Imprivata OneSign 5.5 SP1. So you can either upgrade to that version or apply the registry key workaround. If you have access to Imprivata's knowledgebase the relevant article is https://impr.force.com/NewCommunityArticleView?url=kAA410000008ONMGA2

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies