Summary

When using RDP in combination with DAWL you get "connect a smart card" i.s.o. the DAWL credential provider.
This article explains how to disable/remove the smart card credential provider.

   

 

Problem Solution.

If you are not using the Windows smart card credential provider, it can be removed so you do not get the option to use Smart Card to login when doing an RDP session. 
To remove the Smart Card credential provider on the RDP server, disable the credential provider with CLSID {8FD7E19C-3BF7-489B-A72C-846AB3678C96} 

There are two methods to disable the credential provider:

Method 1: Using Group Policy. 

Open local Group Policy editor, navigate to Computer Configuration -> Administrative Templates -> System -> Logon.
Find the policy "Exclude credential providers" on the right side. 
Right Click "Exclude credential providers", click Edit, click Enabled and enter the comma-separated list of CLSIDs to exclude.
Click OK to save the changes. 

Method 2: Using Registry. 

Open Registry Editor , then Navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers 
Right click on the CLSID of the Smart Card Credential provider, select New -> DWORD (32-bit) Value, then set the value name to Disabled, after that modify the value data to 1. 
The provider will be disabled on the next session which is created during log off, switch user, or reboot. 

When you now start an RDP session to this server, you will only get the DAWL credential provider:

   

PS: working in the registry involves a risk. Make a backup of the registry before making any changes.

 

_________________________________________________________________________________________________________________

Security Status: External

Document type: How To 

Applies to: Digipass Authentication for Widows Logon (DAWL)

Old KB Reference: 150179