How to add AuthLite functionality onto another vendor's Credential Tile
Normally, AuthLite overrides and adds features to the default Microsoft credential tile presented on the Windows desktop.
(AuthLite Features) -> (Default Tile)
If you have another application that does the same thing, such as the password reset feature of Forefront Identity Manager (FIM)/Microsoft Identity Manager (MIM), then you will see "double" tiles on the login screen. One tile will have the AuthLite functionality, and one will have the other application's functionality.
(AuthLite Features) -> (Default Tile)
(Other Application) -> (Default Tile)
It is possible to consolidate these feature sets down into one tile by telling AuthLite the ID of the other vendor's credential provider. Then AuthLite will override the functionality of the third party tile instead of the default one.
(AuthLite Features) -> (Other Application) -> (Default Tile)
To do this, you need to perform the following steps:
- Discover the GUID of the other application's credential tile.
- Create a group policy object that tells AuthLite to override this credential provider, instead of the default one.
- Apply the group policy object to your workstations.
At the time of this writing, the FIM password reset GUID is: {3DD6481A-A712-4c4c-88FF-6DDCAB28DE86}. You can look in RegEdit at the
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
section to see all the provider GUIDs. In each sub-key you will see the name of the provider, which may be enough of a clue to discern the right one. Otherwise, contact the vendor of your other application.
When authoring a group policy object, follow these settings to create a registry value. It should be a Computer setting (so hive = HKEY_LOCAL_MACHINE), and the Key Path should be:
Software\Policies\Collective Software\AuthLite
The Value name should be:
CredprovChain
and the Value data should be the GUID of the other application's credential provider that was discovered above.
Link the group policy object so that it applies to the workstations and/or servers that have both AuthLite and the other application installed. If the other application is not present, then this setting will break the AuthLite credential tile behavior on that host.
You may need to restart a host to cause the credential tile to reset to the new behavior.
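The discovery step and the "other application is not present" failure case can both be checked on a host with the PowerShell below. It is an added example, not part of AuthLite or its documentation; the function names and status strings are hypothetical, and it assumes the CredprovChain value data is stored as a GUID string.

```powershell
# Added example; function names and status strings are hypothetical, not part of AuthLite.
$CpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$Policy = 'HKLM:\Software\Policies\Collective Software\AuthLite'

function Get-CredentialProvider {
    # One object per registered provider: sub-key name (the GUID) and
    # the sub-key's default value (the provider name shown in RegEdit).
    Get-ChildItem -Path $CpRoot | ForEach-Object {
        [pscustomobject]@{ Guid = $_.PSChildName; Name = $_.GetValue('') }
    }
}

function Test-CredprovChain {
    # Read the policy value; a missing key or value yields an empty string.
    $raw = [string](Get-ItemProperty -Path $Policy -Name CredprovChain `
                    -ErrorAction SilentlyContinue).CredprovChain
    if ([string]::IsNullOrWhiteSpace($raw)) {
        return [pscustomobject]@{ Status = 'NotConfigured'; Value = $null; Provider = $null }
    }

    # Assumption: the value data is a GUID string, as in the article's FIM example.
    $want = [guid]::Empty
    if (-not [guid]::TryParse($raw.Trim(), [ref]$want)) {
        return [pscustomobject]@{ Status = 'NotAGuid'; Value = $raw; Provider = $null }
    }

    # Compare as GUIDs so letter case and surrounding braces do not matter.
    $hit = Get-CredentialProvider | Where-Object {
        $g = [guid]::Empty
        [guid]::TryParse($_.Guid, [ref]$g) -and ($g -eq $want)
    } | Select-Object -First 1

    if ($hit) {
        [pscustomobject]@{ Status = 'Registered'; Value = $raw; Provider = $hit.Name }
    } else {
        # The policy names a provider this host does not have: the case the
        # article says breaks the AuthLite credential tile.
        [pscustomobject]@{ Status = 'MissingProvider'; Value = $raw; Provider = $null }
    }
}

# List every provider GUID with its name, then validate the policy value.
Get-CredentialProvider | Sort-Object Name | Format-Table -AutoSize
Test-CredprovChain | Format-List
```

A `MissingProvider` result on a host in the policy's scope means the link or filtering of the group policy object should be narrowed before that host is restarted.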