I recently got a nice new HP laptop with Windows 7 Home Premium pre-installed. It also has a fingerprint reader which can be used to sign in to Windows – nifty! So, I set up and started using the fingerprint reader as my login method. However, I noticed that this caused the Windows login screen to always show a “fingerprint” image/icon instead of my personal profile icon (since the fingerprint method was always the “last used” login method), and that just bothered me because why bother to set up a user icon if you’re almost never going to see it?!
So, I started trying to figure out how to get my user profile icon to show instead of this blah fingerprint. First I tried looking through HP’s “SimplePass” (AuthenTec) program which is what comes pre-installed for managing and using the biometric fingerprint information. I eventually found there was a place where you could set a “profile picture” in the SimplePass application. “This must be it!” I thought. However, I found that setting the profile picture in SimplePass does not replace the fingerprint on the logon screen – bummer.
Then I went down the road of finding out where that fingerprint icon was stored. “I might be able to replace it with a resource editor“, I thought, though that can be tricky with Windows file protection. I eventually found that the fingerprint icon is stored in a Windows 7 dll called “BioCredProv.dll”. I spent quite some time trying to figure out how to replace the fingerprint icon within that dll with my own profile image (using various resource editors), but was not successful with this.
Eventually, something else struck me. I realized that when my profile username/image was showing on the login screen, I was still able to scan my fingerprint over the reader and it would log me in. What if I could always make “my” username/profile image show as the default on the login screen no matter what?? Then I would have my profile image back and I could still log in with the fingerprint reader.
I suppose the method that I found to accomplish this will only work if you are able to log in with a fingerprint swipe while your default username/profile is showing on the login screen (maybe this is common or standard?). Setting this up also involves making changes to the Windows registry, so if you’re not comfortable with that then don’t attempt. Standard disclaimer: I’m not responsible for any damage you do to your system by attempting these changes 🙂
After investigation and testing, I found the registry item “LogonUI” under HKEY LOCAL MACHINE:
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
This has a key called “LastLoggedOnProvider” with a long GUID string as its value. You can find the GUID strings for different “Credential Providers” in the Credential Providers key right above the LogonUI key. With some testing (logging in using just the fingerprint and logging in using the password), I was able to confirm my password provider GUID which was {6F45DC1E-5384-457A-BC13-2CD81B0D28ED} I think this GUID may be the same for other systems as well? But I’m unsure.
I also had to account for the “LastLoggedOnProvider” registry key under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1
As well as the “LoggedOnUsername” in this “SessionData” key (in my case “.\\bdragon”).
So, I wrote up a registry file (.reg) with the following content:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI]
"LastLoggedOnProvider"="{6F45DC1E-5384-457A-BC13-2CD81B0D28ED}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1]
"LoggedOnUsername"=".\\bdragon"
"LastLoggedOnProvider"="{6F45DC1E-5384-457A-BC13-2CD81B0D28ED}"
Then I created a shortcut to load this registry file using the import option of reg.exe (“reg import”)”:
Target:
C:\Windows\System32\reg.exe import SetLogonProvider.reg
Start in:
C:\Users\bdragon\Documents\SCRIPTS\SetLogonProvider
Run: Minimized
I added this shortcut to the startup folder (I do have UAC (user account control) turned off, so unsure of what types of prompts this would cause with it turned on)… and it seems to have done the trick nicely! I get my lovely actual profile pic when rebooting or locking the system, and I can still scan my finger and log in quickly that way!
Thank you for this post.
I implemented this by adding a task in the task scheduler. Trigger: user logon, action: run “reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnProvider /d {6F45DC1E-5384-457A-BC13-2CD81B0D28ED} /f”, task options: run with highest privileges
This does not prevent the win biometrics provider to appear when just locking the session, but one could extend the command or call a batch file the also sets the SessionData keys.
Here’s a solution that worked for me:
1. Download and install Resourcer: http://anolis.codeplex.com/releases/view/32286
2. Make a copy of C:\Windows\system32\biocredprov.dll and store it in a non-system folder
3. Using Resourcer, open the copied biocredprov.dll file
4. Replace the blue fingerprint bitmap image with your own 128×128 bitmap.
5. Save, and close Resourcer.
6. Rename the original file to preserve it (I used “biocredprov.dll.bak”), and replace it with the edited copy.
7. Restart Windows (or log out), and you’ll now see your image for the fingerprint prompt
A couple of notes…
You probably can’t do step 6 with Windows running because you won’t have access permission to rename or replace the file. I used a live Ubuntu Linux CD to do the rename/replace. When I rebooted, it was all set. Also, you might not want to replace the red version of the fingerprint image (it’s used when your scan is rejected). Finally, this is only a good solution for a single-user setup like mine because it will use the same image for everyone that logs on with the fingerprint scanner. Since I’m the only user on my machine, it’s not an issue for me…
Hope this is helpful!
Cheers,
Richard
By the way, thanks for your post! It was what pointed me to the right DLL file to begin with. I tried Resource Hacker first, and it could open and read the DLL, but would throw an “Access Denied” error when attempting to view/change the bitmaps. A little more googling, and I eventually came across Resourcer, which worked like a charm.
I’m running Windows 7 Ultimate x64 SP1, in case anyone is wondering…
Cheers,
Richard
I am glad this helps anyone… I got frustrated not finding much about “fixing” this “problem” out there… When I was trying the resource editor (can’t remember which ones, tried at least a couple) my 128×128 bitmap would not “take” properly – it was always like black or something, must have been something wrong with my bitmap ha ha 🙂
I also didn’t know if it would be worth it with Windows file protection (or whatever they’re calling it nowadays). I figured it might replace it at some point with the “real” / original dll and I’d be out of luck for all my efforts.
At least with the registry hack I would be able to easily change the profile pic the regular way and easily have a different pic whenever I wanted as well.
_You can change your Photo files from jpeg to bmp (using MS paint).
_About Window file protection, you can use this software :http://www.mydigitallife.info/take-and-grant-full-control-permissions-and-ownership-in-windows-7-or-vista-right-click-menu/
note: I have tested and it works 100% for Win 7.
^^!
Thanks for writing this up I was able to follow the information without any issues. My only problem now is that this only works for when you first log on it doesn’t work for “switch user” or “lock” is there a registry method that can make this work for those as well?
I don’t know that much about it but I only use 1 account so it seems like there must be a way to just completely disable the “Last Logged On” system and set a default display thats always the same thing so that switch user and lock would display the same thing as log on regardless of whether the last log on was different or not… If anyone knows how to do this in registry I’d appreciate the help.
you can also download tweak logon software for window 7.