????
Current Path : C:/Windows/PolicyDefinitions/en-US/ |
Current File : C:/Windows/PolicyDefinitions/en-US/CredentialProviders.adml |
<?xml version="1.0" encoding="utf-8"?> <!-- (c) 2006 Microsoft Corporation --> <policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"> <displayName>enter display name here</displayName> <description>enter description here</description> <resources> <stringTable> <string id="DefaultLogonDomain">Assign a default domain for logon</string> <string id="DefaultLogonDomain_Help">This policy setting specifies a default logon domain, which might be a different domain than the domain to which the computer is joined. Without this policy setting, at logon, if a user does not specify a domain for logon, the domain to which the computer belongs is assumed as the default domain. For example if the computer belongs to the Fabrikam domain, the default domain for user logon is Fabrikam. If you enable this policy setting, the default logon domain is set to the specified domain, which might be different than the domain to which the computer is joined. If you disable or do not configure this policy setting, the default logon domain is always set to the domain to which the computer is joined.</string> <string id="ExcludedCredentialProviders">Exclude credential providers</string> <string id="ExcludedCredentialProviders_Help">This policy setting allows the administrator to exclude the specified credential providers from use during authentication. Note: credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication). If you enable this policy, an administrator can specify the CLSIDs of the credential providers to exclude from the set of installed credential providers available for authentication purposes. If you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes.</string> <string id="Logon">Logon</string> <string id="AllowDomainPINLogon">Turn on convenience PIN sign-in</string> <string id="AllowDomainPINLogon_Help">This policy setting allows you to control whether a domain user can sign in using a convenience PIN. If you enable this policy setting, a domain user can set up and sign in with a convenience PIN. If you disable or don't configure this policy setting, a domain user can't set up and use a convenience PIN. Note: The user's domain password will be cached in the system vault when using this feature. To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business.</string> <string id="BlockDomainPicturePassword">Turn off picture password sign-in</string> <string id="BlockDomainPicturePassword_Help">This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy setting, a domain user can't set up or sign in with a picture password. If you disable or don't configure this policy setting, a domain user can set up and use a picture password. Note that the user's domain password will be cached in the system vault when using this feature.</string> <string id="AllowDomainDelayLock">Allow users to select when a password is required when resuming from connected standby</string> <string id="AllowDomainDelayLock_Help">This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off. If you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose. If you disable this policy setting, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off. If you don't configure this policy setting on a domain-joined device, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off. If you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.</string> <string id="DefaultCredentialProvider">Assign a default credential provider</string> <string id="DefaultCredentialProvider_Help">This policy setting allows the administrator to assign a specified credential provider as the default credential provider. If you enable this policy setting, the specified credential provider is selected on other user tile. If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile. Note: A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.</string> <string id="AllowSecurityKeySignIn">Turn on security key sign-in</string> <string id="AllowSecurityKeySignIn_Help">This policy setting allows you to control whether users can sign in using external security keys. If you enable this policy setting, users can sign in with external security keys. If you disable or don't configure this policy setting, users can't sign in with external security keys.</string> </stringTable> <presentationTable> <presentation id="DefaultLogonDomain"> <textBox refId="DefaultLogonDomain_Message"> <label>Default Logon domain:</label> </textBox> <text>Enter the name of the domain</text> </presentation> <presentation id="ExcludedCredentialProviders"> <textBox refId="ExcludedCredentialProviders_Message"> <label>Exclude the following credential providers:</label> </textBox> <text>Enter the comma-separated CLSIDs for multiple credential providers to be excluded from use during authentication. For example: {ba0dd1d5-9754-4ba3-973c-40dce7901283},{383f1aa4-65dd-45bc-9f5a-ddd2f222f07d}</text> </presentation> <presentation id="DefaultCredentialProvider"> <textBox refId="DefaultCredentialProvider_Message"> <label>Assign the following credential provider as the default credential provider:</label> </textBox> <text>Enter the CLSID of a credential provider to be the default credential provider. For example: {ba0dd1d5-9754-4ba3-973c-40dce7901283}</text> </presentation> </presentationTable> </resources> </policyDefinitionResources>