Using Ctrl + Alt + Del to change password only presents a Smart Card login dialog

  • 7018433
  • 04-Jan-2017
  • 11-Jan-2017

Environment

Micro Focus Client for Open Enterprise Server 2 SP4 (IR5)

Situation

When changing the password on demand (Ctrl + Alt + Del + change password) the computer requires a smart card. There is no other option available. Smart cards are not used for user logins, but certain applications may require Smart Card drivers to be present on the PC.  This is causing users to not be able to change their password on demand.

When the drivers for the smart card reader are removed, the option to change the password becomes available. But then, it's no longer possible to use the Smart Card reader for applications requiring it.

Resolution

Workaround:

Add the following additional GUIDs to the "FilterList" value under [HKEY_LOCAL_MACHINE\Software\Novell\Authentication\NCCredProvider]:

{1b283861-754f-4022-ad47-a5eaaa618894}
{1ee7337f-85ac-45e2-a23c-37c753209769}
{8FD7E19C-3BF7-489B-A72C-846AB3678C96}
{94596c7e-3744-41ce-893e-bbf09122f76a}

These are the Windows 10 Credential Provider CLSIDs for, respectively:

Smartcard Reader Selection Provider
Smartcard WinRT Provider
Smartcard Credential Provider
Smartcard Pin Provider

Cause

This issue is seen because another credential provider was /also/ able to return a credential for the current logged-on user.  Typically that's not the case, but in this problem scenario the Microsoft in-box smart card credential provider is returning a credential for the CPUS_CHANGE_PASSWORD scenario. Windows is selecting and using the smart card credential instead of  NCCredProvider's credential.