Policy
Exclude credential providers
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting allows the administrator to exclude the specified credential providers from use during authentication. Note: credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication). If you enable this policy, an administrator can specify the CLSIDs of the credential providers to exclude from the set of installed credential providers available for authentication purposes. If you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Exclude the following credential providers: ID ExcludedCredentialProviders_Message | text | HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ExcludedCredentialProviders Type REG_SZ | None |
Other policies in this category
Explore related policies at the same level.
- ComputerAllow users to select when a password is required when resuming from connected standbyAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerAlways use classic logonWindows Server 2003 and versions of Windows from Windows XP Professional through Windows 7.
- ComputerAlways use custom logon backgroundWindows Server 2008 R2 and Windows 7
- ComputerAlways wait for the network at computer startup and logonAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerAssign a default credential providerAt least Windows Server 2016, Windows 10
- ComputerAssign a default domain for logonAt least Windows Vista
- ComputerBlock user from showing account details on sign-inAt least Windows Server 2016, Windows 10
- ComputerDo not display network selection UIAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerDo not display the Getting Started welcome screen at logonWindows 2000 only
- ComputerDo not enumerate connected users on domain-joined computersAt least Windows Server 2012, Windows 8 or Windows RT
- UserDo not process the legacy run listAt least Windows 2000
- ComputerDo not process the legacy run listAt least Windows 2000