When uninstalling the Windows Credential Provider from a machine the uninstall password is required.
(Note: The Control Panel tool "AuthAnvil Logon Config" also requires the uninstall password)
The uninstall password is defined in a registry value called "UPWD". During a standard installation of the Windows Logon Agent the UPWD value is set to a default hashed string. As long as this registry value remains default the uninstallation will not prompt for an uninstall password.
In order to reset the uninstall password, whether you are trying to access the Control Panel tool or uninstalling the agent, you will need to run a silent mode installation overtop of the existing agent, leaving the UPWD value blank.
Here is an example of the silent mode script for the Windows Logon Agent from a command prompt:
AAWinLogonCP.exe /s SERVICEURL=https://auth.scorpionlabs.com/AuthAnvil/SAS.asmx SITEID=1 OVERRIDEPWD=MyOverridePassword
This command will install the agent without any prompts, assigning your SAS URL and site ID for the AuthAnvil 2FA server, as well as defining a new Override Password value in case you are locked out before modifying the agent. Default values are assigned to every other field, including the uninstall password (UPWD). After completing the silent mode install, the uninstall password will be reset and you will be able to uninstall the agent or access the Control Panel tool.
See this article for more information about Silent mode usage.
- AuthAnvil 2FA Windows Credential Provider Install Guide.
- How do you install Windows Logon agents on Command Line only systems?
- Deploying Windows Logon agent with RMM Tools.