Support Center > Search Results > SecureKnowledge Details
Automatic wrapping of third party credential providers Technical Level

Starting with E81.00, the Full Disk Encryption credential providers have automatic wrapping capabilities. When the providers are loaded, the registry will be searched for installed third party credential providers to wrap. The below credential providers are currently supported for automatic wrapping:

Password credential providers:

  • {B80B099C-62EA-43CD-9540-3DD26AF3B2B0} - ADSelfService Plus Credential Provider
  • {3DD6481A-A712-4C4C-88FF-6DDCAB28DE86} - PwdMgmtProvider
  • {25CA8579-1BD8-469C-B9FC-6AC45A161C18} - PanProvider/PanV2Provider
  • {F9CF286D-A029-41F9-86F6-90ACF0618AA4} - NCCredProvider
  • {36ED98C6-02FF-47E8-B7FE-957A411CEA16} - SIDCredentialProvider (RSA┬«)[1]
  • {5CDFA681-61C8-423D-999E-32EA10C5F7ED} - UtimacoCredentialProvider
  • {0780AF60-65C2-4718-942D-E0C56E89EF9B} - PasswordResetCredentialProvider
  • {D5DD451F-C9CE-464F-9D9B-85D442B5AEED} - SppCredentialProvider
  • {00002BA3-BCC4-4C7D-AEC7-363F164FD178} - SppCredentialProvider
  • {DE661FF1-9E44-4576-BB37-EF89A32BF484} - SSOXCredProv
  • {BD45456E-C5CF-48BD-86B1-B9607E2B9C9E} - VASCO OTP Credential Provider
  • {1BC7888C-A7EE-4E71-A596-DBB632F3FB8C} - VASCO OTP Credential Provider
  • {5D5C1F88-F7B9-4F9B-84A0-F32F4A7A63FE} - Entrust IdentityGuard Credential Provider (E81.20)[2]

Smart Card credential providers:

  • {05A69B2E-F05A-426B-BB43-7895A67B1A56} - ac.mscredprov.pincache

If several of the supported providers are installed, the first found provider in the list will be wrapped. The FDE password and Smart Card provider only support wrapping of one third party provider each.

The fdecontrol program located in the Full Disk Encryption installation directory can be used to view the current wrapped credential providers. Run fdecontrol with administrator rights from the command line to list all supported options. Use list-installed-providers to list installed and wrapped providers. The automatic wrapping can be turned off with the set-auto-wrapping-providers-off option.

If the installed third party provider is not in the supported list, use fdecontrol to manually wrap the provider (described in sk118817).

[1] The RSA credential provider filter setting to exclude all third-party credential providers cannot be enabled for wrapping to work. Please, see the RSA documentation for further information about this setting. Automatic wrapping will be denied if this setting is found. 

[2] Entrust must be configured to not filter out the FDE password credential provider. Please, see the Entrust IdentityGuard documentation for further information on how to allow credential providers. The provider to allow is FDECredentialProvider with GUID {FDEF1242-8B8B-4D0E-AE73-257CEB8776A5}. Automatic wrapping will be denied if this setting is not found.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document