On our active directory domain joined golden image with default credential providers, when a user resumes from screen saver or unlocks the screen, they are immediately presented with a field to type their password.
Once that computer has been turned into a linked clone, the VMWare agent installs a new credential provider and filter that presents an additional screen during the unlock sequence that requires a user to click on their user tile/icon. This step seems unnecessary and given that we are not using VMWare Workspace we are wondering if anything would break if we revert to the standard windows credential provider via a post recompose script?
Update:
I set a dword key pair Disabled=1 in the filter and provider GUID's and that prevented the VMWare Client initial logon from passing credentials to the guest, Had to enter credentials manually after clicking on a "Other User" tile. However, that did prevent the user tile from showing up during subsequent Ctrl-Alt-Del unlocks. Disabling the provider appears to not be a solution. Plus the provider dll probably fires off other important actions besides passing credentials.
End Update
Why is this additional tile screen needed? Will there be a future agent release that makes it optional? We want a transition for our users to be seamless and not require unnecessary tile clicking.
VMWare provider dll:
%ProgramFiles%\VMWare\Vmware View\Agent\bin\wscredf.dll 5.2.0.17180 build 987719
Registry Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers(Filters)\
Provider GUID: BEBE672F-B0E3-4354-BB86-4EF127A55B6A wscredp
Filter GUID: 39FA3429-F61A-4975-9653-327BCE27C037 wscredf
Some interesting URL's I found during my research of credential providers:
Two detailed Microsoft resources
http://technet.microsoft.com/en-us/library/ff404303(v=ws.10)
Custom Login Experiences: Credential Providers in Windows Vista
Microsoft - Disabling a provider
Testing a Credential Provider - Active Directory Blog - Site Home - TechNet Blogs
Showing different user tiles for token and fingerprint based providers:
Writing your own credential provider with samples:
Update 1/6/14:
I found that after logging in from the View Client, if you set the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1\LastLoggedOnProvider = {6F45DC1E-5384-457A-BC13-2CD81B0D28ED} and copy the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1\LoggedOnSAMUser to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1\LoggedOnUsername, on subsequent unlocks and reconnects, that extra tile screen can be bypassed. Now if VMware could just reproduce that with some work by the agent!
End update