How do I access a system protected by the Windows Credential Provider in an emergency?

There may be situations in which it becomes necessary to bypass the AuthAnvil Two Factor Auth Windows Logon Agent in order to remove it. Some examples could include:

  • A defect in the agent causing logon failure
  • No access is available to the AuthAnvil Two Factor Auth Web Service, and offline caching mode is not enabled
  • Need to change the Override Password without logging in

These should be rare occasions, and they should not be taken lightly. The purpose of the agent is to enforce strong authentication, and that purpose is significantly weakened when people take it upon themselves to unload the agent.


Server 2008 and newer

The Credential Provider uses a registry setting that loads the AuthAnvil Two Factor Auth Credential Provider at boot. You can find it in the registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{ABAA8F45-5683-42b5-BC15-E44D6CBB8ED4}.

To remove a credential provider, boot into safe mode without networking, or connect to the registry remotely, then remove the registry key named above and reboot the computer.
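
Because deleting this one key unloads the two-factor logon agent, it is worth auditing that the key is still present on protected machines. The PowerShell below is an added example, not AuthAnvil's own tooling: it reads the key named above on each host and reports any host where it is missing or could not be checked. The function name and the host name SRV-EXAMPLE-01 are assumptions made for illustration.

```powershell
# Added example: report hosts where the credential provider key from this
# article is missing. Read-only; nothing is modified.
$ProviderKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\' +
               'Credential Providers\{ABAA8F45-5683-42b5-BC15-E44D6CBB8ED4}'

function Test-CredentialProviderKey {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$SubKey = $ProviderKey
    )
    process {
        foreach ($computer in $ComputerName) {
            $result = [pscustomobject]@{
                ComputerName = $computer
                Registered   = $null   # $null means "could not be checked"
                Error        = $null
            }
            $hklm = $null
            try {
                # Remote hosts need the Remote Registry service and admin rights.
                # Registry64 avoids WOW6432Node redirection from a 32-bit shell.
                $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $computer,
                    [Microsoft.Win32.RegistryView]::Registry64)
                $key = $hklm.OpenSubKey($SubKey)   # returns $null if the key is absent
                $result.Registered = ($null -ne $key)
                if ($key) { $key.Close() }
            }
            catch {
                # Unreachable host or access denied: record it, do not guess.
                $result.Error = $_.Exception.Message
            }
            finally {
                if ($hklm) { $hklm.Close() }
            }
            $result
        }
    }
}

# Constructed host list; replace with your own inventory.
$env:COMPUTERNAME, 'SRV-EXAMPLE-01' | Test-CredentialProviderKey |
    Where-Object { $_.Registered -ne $true } |
    Format-Table -AutoSize
```

A host listed with Registered set to False has had the provider registration removed; a host with an Error entry needs a manual check.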
