2

When you get a certificate drop-down selection prompt in Edge or Chrome, how do you prevent it from showing certificates belonging to previous users?

[Screenshot: certificate issue]

Background - I'm in charge of an unusual project to create a kiosk mode Windows 10 account for a multi-user government computer. Most of the users rely on their government-issued "PIV" cards for authentication to log into various websites. Even though this is a multi-user computer, the users are handling sensitive HR forms and privacy is important. I've configured the kiosk mode as such. But the certificate prompt they see where they see former users' cards and names is a disaster and a privacy violation.

Right now I have a script running in the task scheduler that clears the certificate cache every 24 hours. But it's not a solution, just a workaround. Any ideas?

Rets86

2 Answers

0

Ok, so as noted in the comments I found the solution. It's super easy and convenient, hard to believe I didn't see it first.

Open the Registry with admin rights and navigate to/create:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\HID Global\ActivClient\CertificateRegistration

Add the following DWORD and set it to 1:

AutoUnRegOnRemove

Now when users pull out their smart card it will always clear the certificate cache immediately.

Source- https://admx.help/?Category=ActivClient&Policy=HIDGlobal.Policies.HIDGlobal.ActivClient::AutoUnRegOnRemove

Rets86
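The registry change from the answer above, as an added PowerShell example (not part of the original post and not HID Global's own tooling): it applies the value idempotently, confirms it reads back as 1, and lists any client-authentication certificates still present for the current user. It assumes the certificates ActivClient registers land in the current user's Personal store (Cert:\CurrentUser\My); the `-Apply` switch and the function names are hypothetical.

```powershell
param([switch]$Apply)  # -Apply writes the policy value (needs an elevated session)

# Key path and value name are the ones given in the answer above.
$KeyPath       = 'HKLM:\SOFTWARE\Policies\HID Global\ActivClient\CertificateRegistration'
$ValueName     = 'AutoUnRegOnRemove'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Set-AutoUnRegOnRemove {
    # Create the key only if it is missing, so existing values under it are kept.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force overwrites an existing value, whatever its type, with DWORD 1.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-AutoUnRegOnRemove {
    # True only when the value exists and equals 1.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$ValueName -eq 1)
}

function Get-ClientAuthCertificate {
    # Assumption: leftover card certificates show up in the user's Personal store.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid } |
        Select-Object Subject, NotAfter, Thumbprint
}

if ($Apply) { Set-AutoUnRegOnRemove }

if (Test-AutoUnRegOnRemove) {
    "Policy value $ValueName is set to 1."
} else {
    Write-Warning "Policy value $ValueName is missing or not 1."
}

# Run this part in the kiosk session after a card has been removed.
$leftover = @(Get-ClientAuthCertificate)
if ($leftover.Count -gt 0) {
    Write-Warning "$($leftover.Count) client-authentication certificate(s) still in the store:"
    $leftover | Format-Table -AutoSize
} else {
    'No client-authentication certificates in the current user store.'
}
```

Run it once with `-Apply` from an elevated prompt, then without the switch inside the kiosk account after pulling a card to confirm the previous user's certificates are gone.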
0

I am currently facing the same problem, would it be possible to share your script? Or have you already found another solution? Thanks in advance!