Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows 10 / Fix: Windows Needs Your Current Credentials Pop-up Message

February 27, 2023 Questions and AnswersWindows 10Windows 11

Fix: Windows Needs Your Current Credentials Pop-up Message

After signing into an Active Directory or Azure AD domain-joined computer running Windows 10/11, the user may see the following pop-up message in the lower right corner of the desktop:

Windows needs your current credentials.
Please lock this computer, then unlock it using your most recent password or smart card.

Windows needs your current credentials notification

 

You may try to lock the computer screen (press Win+L) and enter the password/PIN for your account, but the pop-up message will reappear after a while.

In some cases, when you lock the screen and enter your password, you may find that your AD account is locked out 

If the issue occurs when you sign in to a computer with a Microsoft (or Azure AD) account with a Windows Hello configured PIN, the most likely reason is that your current PIN was created based on your previous password. To resolve the issue, try creating a new PIN for your account.

  1. Go to Settings -> Accounts -> You info (use a Settings URI shortcut command: ms-settings:yourinfo ) and click Verify;
    If you are logged in with a Microsoft account, this option should be available. If not, click “Sign in with a Microsoft Account instead”.
    Verify Microsoft account credentials on Windows 10
  2. Sign in to your Microsoft account and restart your computer. Once that’s done, Windows should stop asking you for credentials.

If you’re signed in to a computer with an Azure account and the device has network drives mapped under a local Active Directory account, Windows may require you to verify your AD credentials. If this is the case, you need to remove all mapped network drives using the command:

net use * /delete

Another recommendation is to clear saved credentials in the Windows Credential Manager. For that, run the command rundll32.exe keymgr.dll, KRShowKeyMgr and remove all entries.

Clear all credentials from the Windows Credential Manager

You can also disable the re-entry of credentials (not to be confused with Windows auto-login) on an Active Directory computer using a GPO:

  1. You can use either the local Group Policy editor on your computer ( gpedit.msc ) or the domain Group Policy Management console ( gpmc.msc );
  2. Go to Computer Configuration -> Administrative Templets -> System -> Logon and find the option “Always wait for the network at computer startup and logon”;
  3. Set the policy on Disable and save the changes; Group Policy: Always wait for the network at computer startup and logon
  4. Restart your computer to apply the new Group Policy settings.
You can set this registry setting using PowerShell:

$null = Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'SyncForegroundPolicy' -Value 0 -Type 'DWord'

One more thing to check on is to make sure the Logon Hours restrictions are not configured in the AD for this user’s account.

Sometimes users in an Active Directory domain get the credentials re-entry notification when the Kerberos ticket has expired. You can display information about a user’s Kerberos tickets with the command:

klist

You can also use the klist command to refresh your Kerberos ticket and AD group memberships without a reboot.

Enter your password to update your Kerberos ticket. This way, after the screen is locked and you re-enter your password, your Kerberos ticket will be updated and you will not be asked for your credentials again. If you want to be sure that your problem is related to Kerberos, open the AD Attribute Editor and enable the “Do not require Kerberos preauthentication” userAccountControl attribute. Once you turn it on, you will no longer receive Windows requests for your credentials. Still, leaving this setting enabled is not recommended for security reasons.

Disable Kerberos Pre-Authentication flag for user account in Active Directory

If your network uses hybrid authentication (both AAD and AD) or you are performing a cloud migration, you can get rid of the annoying request for credentials on computers in AAD by changing the DNS settings to external DNS servers instead of your local Active Directory name servers.

0 comment
0
Facebook Twitter Google + Pinterest
previous post
Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows
next post
How to Enable TLS 1.2 on Windows

Related Reading

Zabbix: How to Get Data from PowerShell Scripts

October 27, 2023

Tracking Printer Usage with Windows Event Viewer Logs

October 19, 2023

How to Use Ansible to Manage Windows Machines

September 25, 2023

Installing Language Pack in Windows 10/11 with PowerShell

September 15, 2023

How to View and Change BIOS (UEFI) Settings...

September 13, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Zabbix: How to Get Data from PowerShell Scripts

    October 27, 2023
  • Tracking Printer Usage with Windows Event Viewer Logs

    October 19, 2023
  • PowerShell: Configure Certificate-Based Authentication for Exchange Online (Azure)

    October 15, 2023
  • Reset Root Password in VMware ESXi

    October 12, 2023
  • How to Query and Change Teams User Presence Status with PowerShell

    October 8, 2023
  • How to Increase Size of Disk Partition in Ubuntu

    October 5, 2023
  • How to Use Ansible to Manage Windows Machines

    September 25, 2023
  • Installing Language Pack in Windows 10/11 with PowerShell

    September 15, 2023
  • Configure Email Forwarding for Mailbox on Exchange Server/Microsoft 365

    September 14, 2023
  • How to View and Change BIOS (UEFI) Settings with PowerShell

    September 13, 2023

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • 0x80244010 Exceeded Max Server Round Trips: Windows Update Error
  • How to Disable or Uninstall Internet Explorer (IE) in Windows
  • Printer Settings Could Not Be Saved, Operation Not Supported
  • How to Force Remove a Printer That Won’t Uninstall on Windows
  • Group Policy Management in Active Directory
  • Shutdown/Restart Windows using Command Prompt and PowerShell
  • Internet Time Synchronization Failed on Windows
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top