Regenerate the GCPW token

As an administrator, you can regenerate your organization’s Google Credential Provider for Windows (GCPW) token. The client token allows GCPW to get your GCPW settings from the Google Admin console when a user first signs in. You might want to regenerate the token if an unauthorized person gets your GCPW installation file and you want to prevent your organization’s GCPW settings from exposure. If someone installs GCPW, your configuration settings could be inferred.

When you regenerate the GCPW token:

  • Devices that had any user sign in through GCPW aren’t affected when you reset the token. Users can still sign in through GCPW and settings in the Admin console are pushed to the device.
  • Any device that has the old token and no user sign in through GCPW won’t get GCPW settings from the Admin console. Additionally, if no GCPW registry settings are set on the device, sign-in is blocked.
  • To install GCPW on new devices, download the GCPW installer file again from your Admin console. The file will include the new token.

Regenerate the token

You must be signed in as a super administrator for this task.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile and endpointsand thenSettingsand thenWindows.
  3. Click Google Credential Provider for Windows (GCPW) setupand thenDownload GCPW.
  4. Click Regenerate Token and confirm that you want to regenerate the token.

    The token is updated in the Admin console. When you download a new GCPW installation file, it has the regenerated token embedded in it.

  5. (Optional) Download a new GCPW installation file to use for new devices.
  6. If any devices have GCPW but haven't had a user sign in yet, update the token on those devices. For instructions, continue to the next section.

Update the token on devices

Expand all  |  Collapse all

You can update the token on devices that haven't had a user sign in through GCPW in the following ways. We recommend you reinstall GCPW or run the registry file to avoid potential errors in the device's registry settings.

Reinstall GCPW with a client that has the new token

If you haven't already, download a new GCPW installation file:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile and endpointsand thenSettingsand thenWindows.
  3. Click Google Credential Provider for Windows (GCPW) setupand thenDownload GCPW.
  4. Download the 64-bit or 32-bit GCPW installation file and distribute it to devices.

To update the token, on the device, run the installer. You can double-click the installation file or run the file from Command Prompt:

  1. Open the Command Prompt.
  2. To install the 64-bit client, run gcpwstandaloneenterprise64.exe as administrator. To install the 32-bit client, run gcpwstandaloneenterprise.exe as administrator.
Run a registry file on the device

You must be signed in as a super administrator for this task.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile and endpointsand thenSettingsand thenWindows.
  3. Click Google Credential Provider for Windows (GCPW) setupand thenDownload GCPW.
  4. Click registry file.
  5. Distribute the registry file to Windows devices.
  6. On the Windows device, double-click the registry file to run it. The token value in the registry is updated.
  7. Restart the device.
Edit registry settings on the device

You must be signed in as a super administrator for this task.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile and endpointsand thenSettingsand thenWindows.
  3. Click Google Credential Provider for Windows (GCPW) setupand thenDownload GCPW.
  4. In the box with the token, click Copy.
  5. Save the token somewhere convenient that you can access from other devices.
  6. On the Windows device, back up the current registry key and then import the new one:
    1. From the Windows Start menu, click Run.
    2. In the Run box, enter regedit.
    3. In Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Policies\Google\CloudManagement.
    4. Double-click EnrollmentToken
    5. In the Value data box, paste the token.
    6. Click OK.
  7. Close Registry Editor and restart the device.

 


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

 

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
82321897233726515
true
Search Help Center
true
true
true
false
false