2019-06-17T20:13:08Z kzstock [Event ID 360] Warning: User Device Registration: Windows Hello for Business | Login User
Scrap 2nd.
3

[Event ID 360] Warning: User Device Registration: Windows Hello for Business | Login User

1st:
2: 2019-05-01

Verification: Windows 10 Pro Fall Creators Update, 1709



When upgrading to Windows 10 version 1709, the Windows Hello for Business security alert is now recorded in the event ID 360 of the Event Viewer.

According to my research, it was safe to leave the Windows Hello for Business warning.

This article notes the steps taken on my computer based on the information posted to the Windows 10 Forums.

However, the procedure to make a note is a method to prevent Event ID 360 from being recorded in the event log, so it will not be displayed in the event viewer and it is not a fundamental solution as it is actually a warning.


Event viewer message

The information recorded in the event log is as follows.

Event viewer message
messageWindows Hello for Business provisioning will not be launched.
Device is AAD joined (AADJ or DJ ++): Not Tested
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Not Tested
Local computer meets Windows hello for business hardware requirements: Not Tested
User is not connected to the machine via Remote Desktop: Yes
User certificate for on promise auth policy is enabled: Not Tested
Machine is governed by none policy.
See https://go.microsoft.com/fwlink/?linkid=832647 for more details.
Log nameMicrosoft-Windows-User Device Registration/Admin
SourceUser Device Registration
Event ID360
levelwarning
userLogin user

There were 2 ways to fix it

All steps are for using the registry editor.

Although "Repair method 2" is effective in my environment, it seems that there are cases where it is not recorded in the event log by "Repair method 1", so make a note of the two procedures.
Registry operation is at your own risk
Before operating the registry editor
Make a backup of the registry in case of unforeseen circumstances.

Repair method 1

※ There was no effect in my environment.

This procedure is a procedure to correct the value set in the following registry key.
{23B8D46B-67DD-40A3-B636-D43E50552C6D}
1. Start Registry Editor
  • Windows Key + R
  • Enter "regedit" in the box next to the name
  • OK Click on the
2. Search the registry
Search GUID: {23B8D46B-67DD-40A3-B636-D43E50552C6D}

You can check the GUID by Event ID: 360 Property Details.

Searching for a GUID will hit multiple locations, but will look for a GUID that hits under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet .
3. Change the value of Enabled to 0
It is found in the following hierarchy.

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application\{23b8d46b-67dd-40a3-b636-d43e50552c6d}

It was changed to Enabled = 0 because it was Enabled = 1.
The image is the one before change.

Enabled: 1
4. End of procedure
Restart your computer and check the event viewer.
This procedure has succeeded if the event ID 360 is no longer recorded.

However, there was no effect in my environment.
The following is a source of information for this procedure.
I've already explained in my previous posts the way to prevent this event from logging in Event Viewer, event id 360

Simply modify a value in Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger seek for the appropriate GUID and modify a value from enabled 1 to 0. Reboot pc and the error is gone.

Same app for Kernel PnP Event id 219 events, (The driver\Driver\WudfRd failed to load for the device SWD\WPDBUSENUM) and event id 37 (AppContainer profile failed with error 0x800700B7 because it was unable to register AppContainer SID).

Repair method 2

※ Effective in my environment

This procedure is a procedure to correct the value set in the following registry key.

Microsoft-Windows-User Device Registration/Admin
1. Microsoft-Windows-User Device Registration/Admin
Start Registry Editor
Search for Microsoft-Windows-User Device Registration/Admin.
It is found in the following hierarchy.

\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-User Device Registration/Admin

OwningPublisher: {23b8d46b-67dd-40a3-b636-d43e50552c6d}, so it seems to be related to "Repair method 1".

Enabled changed from 1 to 0.

Enabled Before change
2. Restart your computer
The error is no longer recorded in Event Viewer after restarting the computer.

This procedure was effective in my environment.

The following is a source of information for this procedure.
To get rid of the error in event log I have navigated to:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-User Device Registration/Admin]
and changed "Enabled" to "0"

What is Windows Hello?

Windows Hello was a security feature added from Windows 10 that provides the ability to log into devices running Windows 10 using faces, fingerprints, irises of the eyeball, etc.

It is a function without our VAIO 10 years ago. ('ω')
Windows Hello is a feature that allows you to sign in to Windows 10 devices in a more personal way, just by looking and touching. This provides a level of security that is adopted by the enterprise without entering a password.

end
次の投稿 前の投稿 ホーム

0 件のコメント:

コメントを投稿

にゃんつくばっと