As an administrator, you can regenerate your organization’s Google Credential Provider for Windows (GCPW) token. The client token allows GCPW to get your GCPW settings from the Admin console when a user first signs in. You might want to regenerate the token if an unauthorized person gets your GCPW installation file and you want to prevent your organization’s GCPW settings from exposure. If someone installs GCPW, your configuration settings could be inferred.
When you regenerate the GCPW token:
- Devices that had any user sign in through GCPW aren’t affected when you reset the token. Users can still sign in through GCPW and settings in the Admin console are pushed to the device.
- Any device that has the old token and no user sign-in through GCPW won’t get GCPW settings from the Admin console. Additionally, if no GCPW registry settings are set on the device, sign-in is blocked.
- To install GCPW on new devices, download the GCPW installer file again from your Admin console. The file will include the new token.
Regenerate the token
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
Devices
Mobile and endpoints
- Click Google Credential Provider for Windows (GCPW) setup
- Click Regenerate Token and confirm that you want to regenerate the token.
The token is updated in the Admin console. When you download a new GCPW installation file, it has the regenerated token embedded in it.
- (Optional) Download a new GCPW installation file to use for new devices.
- If any devices have GCPW but haven't had a user sign in yet, update the token on those devices. For instructions, continue to the next section.
Update the token on devices
You can update the token on devices that haven't had a user sign in through GCPW in the following ways. We recommend you reinstall GCPW or run the registry file to avoid potential errors in the device's registry settings.
If you haven't already, download a new GCPW installation file:
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
-
Click Google Credential Provider for Windows (GCPW) setup
- Download the 64-bit or 32-bit GCPW installation file and distribute it to devices.
To update the token, on the device, run the installer. You can double-click the installation file or run the file from Command Prompt:
- Open the Command Prompt.
- To install the 64-bit client, run gcpwstandaloneenterprise64.exe as administrator. To install the 32-bit client, run gcpwstandaloneenterprise.exe as administrator.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
- Click Google Credential Provider for Windows (GCPW) setup
- Click registry file.
- Distribute the registry file to Windows devices.
- On the Windows device, double-click the registry file to run it. The token value in the registry is updated.
- Restart the device.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
- Click Google Credential Provider for Windows (GCPW) setup
- In the box with the token, click Copy.
- Save the token somewhere convenient that you can access from other devices.
- On the Windows device, back up the current registry key then import the new one:
- From the Windows Start menu, click Run.
- In the Run box, enter regedit.
- In Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Policies\Google\CloudManagement.
- Double-click EnrollmentToken.
- In the Value data box, paste the token.
- Click OK.
- Close Registry Editor and restart the device.
