How do I access a system protected by the Windows Logon Agent in an emergency?

There may be situations in which it becomes important to bypass the AuthAnvil Two Factor Auth Windows Logon Agent to remove it. Some examples could include:

  • A defect in the agent causing logon failure
  • No access is available to the AuthAnvil Two Factor Auth Web Service, and offline caching mode is not enabled
  • Need to change the Override Password without logging in

These should be rare occasions and examples that should not be taken lightly. The purpose of the agent is to enforce strong authentication, and it significantly weakens that purpose when people take it upon themselves to unload the agent.

The Windows Logon Agent utilizes a registry setting that loads the agent at boot. You can find that in the registry at 

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{00AB56B7-F30A-49E8-93E0-97D1F5E3C12E


You can remove agent as well by booting into safe mode without networking or remotely connect to the registry and remove the registry key named above and reboot the computer.

Have more questions? Submit a request


Article is closed for comments.