[Reference] Suppress SSPR Registration Page at Logon

The default behavior of the rich SSPR client is to check the user's password registration status at every logon. If the user is not registered for FIM password reset in the portal, the configured registration URL is presented to the user.

Scenario

The FIM SSPR rich client is being deployed to client workstations. Password registration in the FIM Portal is voluntary.

Company policy prohibits any pop-up that displays a web page other than the corporate default. Hence the rich client's presentation of the registration page at user logon needs to be removed.

How the rich client SSPR registration works

Among the executables installed with the rich client is MsPwdRegistration.exe. This is the Password Management User Registration application. MsPwdRegistration.exe is installed in %systemroot%\system32.

An entry is placed in the Run key in the registry to allow the executable to run. By default it runs at every user logon. At each launch the user's registration is checked. If the user is not registered in the FIM Portal, they will be presented with the web page configured in the registry.

The TechNet link for the FIM 2010 R2 Rich Client lists group policy and registry settings that manage how often the client checks user registration status. However, there are no settings to disable the check.

Workaround

It appears the least invasive way to suppress the registration check and the subsequent web page presentation for unregistered users is to remove the executable's value from the Run key in the registry. This value may be added or removed as desired. Its absence only prevents the executable from running at logon. The executable is still present in the file system and may still be invoked manually.

The following command lines either remove the PasswordRegistration value (which launches MsPwdRegistration.exe) from the registry or add it.

Remove: reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v PasswordRegistration /f

Add: reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v PasswordRegistration /t REG_SZ /d C:\Windows\System32\MsPwdRegistration.exe /f
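
The same workaround as a script that can be re-run safely, for example from a machine startup script. This is an added example, not part of the original article; the -State parameter is a hypothetical name, and the executable path is resolved from %SystemRoot% rather than hard-coded.

```powershell
# Added example (not from the original article). Run elevated: it writes to HKLM.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical parameter: 'Absent' suppresses the logon check, 'Present' restores it.
    [ValidateSet('Absent', 'Present')]
    [string]$State = 'Absent'
)

$runKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'PasswordRegistration'
# Assumption: resolve the path from %SystemRoot% instead of hard-coding C:\Windows.
$exePath   = Join-Path $env:SystemRoot 'System32\MsPwdRegistration.exe'

# Read the current data; $null when the value does not exist.
$current   = (Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
$exeExists = Test-Path -LiteralPath $exePath -PathType Leaf

if ($State -eq 'Absent') {
    if ($null -eq $current) {
        Write-Output "'$valueName' is already absent; no registration check runs at logon."
    }
    elseif ($PSCmdlet.ShouldProcess("$runKey\$valueName", 'Remove Run value')) {
        Remove-ItemProperty -Path $runKey -Name $valueName -ErrorAction Stop
        Write-Output "Removed '$valueName' (data was: $current)."
    }
    # The workaround leaves the executable in place so users can still launch it manually.
    if (-not $exeExists) {
        Write-Warning "$exePath is missing; manual registration is not available on this machine."
    }
}
else {
    # Never create an autorun entry that points at a file that is not there.
    if (-not $exeExists) {
        throw "$exePath not found; not adding '$valueName' to the Run key."
    }
    if ($current -eq $exePath) {
        Write-Output "'$valueName' already points to $exePath."
    }
    elseif ($PSCmdlet.ShouldProcess("$runKey\$valueName", "Set to $exePath")) {
        if ($null -ne $current) { Write-Warning "Replacing unexpected data: $current" }
        New-ItemProperty -Path $runKey -Name $valueName -Value $exePath -PropertyType String -Force | Out-Null
        Write-Output "Set '$valueName' to $exePath."
    }
}
```

Run it with -WhatIf first to see what would change. On 64-bit Windows use the 64-bit PowerShell host, since a 32-bit process is redirected to the Wow6432Node view of this key.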

 

More Information

Here are some sample screenshots displaying the registry locations and the registration page displayed to users at logon.

Run key registry value:

Password Registration URL specified in registry:

Basic password reset registration page popup: