How to disable forced password login when Windows login agent is installed

How to disable forced password login when Windows login agent is installed

Objective       

When the Windows login agent is installed, it enforces password-based login as the default authentication method on the Windows login screen. As a result, other authentication methods such as Windows Hello (Face, PIN) or Smart Card login become optional and are not presented as primary login methods. This article explains how to disable the forced password login behavior.

Prerequisites       

  • Administrative privileges on the target machine
  • Administrator access to the Group Policy Management Console (GPMC)

Steps to follow     

Manual method : Update settings on a single machine

  1. Press Windows + R to open the Run dialog box.
  2. Type regedit and press Enter.
  3. If prompted by User Account Control, click Yes to allow the Registry Editor to make changes.
  4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ZOHO CORP\ADSelfService Plus Client Software.
  5. Locate the key named ShowSelectedTile.
  6. Modify the value of ShowSelectedTile to FALSE.
  7. Click OK.

Using a GPO: Update settings on multiple machines 

Step 1: Create a new GPO
  1. Log in to the domain controller with administrative credentials.
  2. Press Windows + R to open the Run dialog box.
  3. Type gpmc.msc and press Enter to open the GPMC.
  4. On the left pane, navigate to Group Policy Objects.
  5. Right-click Group Policy Objects and select New.
  6. In the New GPO dialog box, enter a name for the GPO (e.g., ADSSP_LoginAgent_Tile_Disable).
  7. Click OK.
 
Step 2: Edit the newly created GPO  
  1. Right-click the GPO you just created.
  2. Select Edit. This will open the Group Policy Management Editor.
  3. In the Group Policy Management Editor, navigate to Computer Configuration > Preferences > Windows Settings > Registry.
 
Step 3: Add the registry entry to enable the login bypass  
  1. Right-click Registry on the left pane.
  2. Navigate to New > Registry Item.
  3. In the New Registry Properties window, configure the following:
    • Action: Update
    • Hive: HKEY_LOCAL_MACHINE
    • Key Path: SOFTWARE\WOW6432Node\ZOHO Corp\ADSelfService Plus Client Software
    • Value name: ShowSelectedTile
    • Value type: REG_SZ
    • Value data: false
    • Base: String (default option)
  4. Click Apply, then OK.
 
Step 4: Link the GPO  
  1. Close the editor.
  2. Link the GPO to the relevant OU or domain.
  3. Apply the GPO to the target machines by running the following:
Infogpupdate /force 

Validation and confirmation 

  • Once the GPO is deployed, verify if the above settings are deployed by using the command gpresult /r.
  • You may also check the registry on the client by navigating to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\ADSelfService Plus Client SoftwareEnsure the ShowSelectedTile key exists and is set to False.

How to reach support                               

If the issue persists, contact our support team here

      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                      Related Products