Disable ADAL via Registry per computer


Judging from a Process Monitor session, it does not appear that Office programs consult the HKLM version of that value, even when the Identity key exists there. This Office support document (albeit for Office 2013) makes no mention of anything relevant under HKLM. If you have a Pro or Enterprise version of Windows, however, you can take advantage of the Group Policy infrastructure to set a Registry value for all users.

To do that, you can use my open-source program Policy Plus. Note that Policy Plus is still in development, so there could conceivably be bugs - please test on a non-production machine first, or at least back up the \Windows\System32\GroupPolicy folder. Anyway, once you get the program downloaded, you'll need a REG file corresponding to the change you want to make to each user. Adding the header to the fragment you supplied should do the job:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"EnableADAL"=dword:00000000

Now run Policy Plus and choose Share | Import REG from the menu. You will be prompted for the policy section - choose User, since we want to apply this setting to the user GPO. In the REG import dialog, browse for the REG file you saved; the prefix should be automatically determined for you as HKEY_CURRENT_USER\. (This is necessary because the POL format uses hive-relative paths.) Click Import and the dialog should go away without any errors. Click File | Save Policies to commit the change to disk. After dismissing the success message, you can close Policy Plus.

You can verify that the appropriate value is set in your per-user Registry. All other users, even ones created before the change, should receive the value when they next log on.
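The note above that the POL format uses hive-relative paths can be checked offline. This added example is not part of the original answer and is not Policy Plus code. It encodes the REG fragment as a Registry.pol record following Microsoft's documented Registry Policy File Format, parses it back, and reports whether policy sets EnableADAL to 0; the function names and the sample bytes are constructed for illustration.

```python
import struct

PREG_HEADER = b"PReg" + struct.pack("<I", 1)  # signature, then format version 1
REG_DWORD = 4

def hive_relative(path, prefix="HKEY_CURRENT_USER\\"):
    """Drop the hive prefix; POL records store only the path below the hive."""
    if not path.upper().startswith(prefix.upper()):
        raise ValueError(f"{path!r} is not under {prefix!r}")
    return path[len(prefix):]

def pol_entry(key, value, reg_type, data):
    """Encode one record: [key;value;type;size;data], text as UTF-16LE."""
    head = f"[{key}\0;{value}\0;".encode("utf-16-le")
    sizes = struct.pack("<IHIH", reg_type, 0x3B, len(data), 0x3B)  # 0x3B is ';'
    return head + sizes + data + "]".encode("utf-16-le")

def parse_pol(blob):
    """Decode Registry.pol bytes into (key, value, type, data) tuples."""
    if blob[:8] != PREG_HEADER:
        raise ValueError("not a PReg version 1 file")
    def expect(ch, pos):
        if blob[pos:pos + 2] != ch.encode("utf-16-le"):
            raise ValueError(f"expected {ch!r} at offset {pos}")
        return pos + 2
    def take_str(pos):
        end = pos
        while end < len(blob) and blob[end:end + 2] != b"\0\0":
            end += 2
        return blob[pos:end].decode("utf-16-le"), end + 2
    pos, entries = 8, []
    while pos < len(blob):
        key, pos = take_str(expect("[", pos))
        value, pos = take_str(expect(";", pos))
        reg_type, sep1, size, sep2 = struct.unpack_from("<IHIH", blob, expect(";", pos))
        if sep1 != 0x3B or sep2 != 0x3B:
            raise ValueError(f"bad delimiter after offset {pos}")
        data = blob[pos + 14:pos + 14 + size]
        pos = expect("]", pos + 14 + size)
        entries.append((key, value, reg_type, data))
    return entries

def adal_disabled(entries):
    """True if a record sets Common\\Identity EnableADAL to DWORD 0."""
    return any(k.lower().endswith("\\common\\identity") and v.lower() == "enableadal"
               and (t, d) == (REG_DWORD, b"\0\0\0\0") for k, v, t, d in entries)

# Constructed sample: the single record the REG file above would become.
REG_KEY = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Common\\Identity"
SAMPLE = PREG_HEADER + pol_entry(hive_relative(REG_KEY), "EnableADAL", REG_DWORD, b"\0\0\0\0")
```

To run the same check on a real machine, pass `parse_pol` the bytes of `\Windows\System32\GroupPolicy\User\Registry.pol`, which is where the local user policy is stored.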


Author by

Michael Frank

Beginner in all things Linux.

Updated on September 18, 2022

Comments

  • Michael Frank
    Michael Frank over 1 year

    As part of a project I am part of, we have a need to disable Azure Active Directory Authentication Libraries (ADAL) within Office for all users to allow cross domain access to legacy SharePoint sites.

    Currently we can set this on a per user basis with:

    [HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity]
    "EnableADAL"=dword:00000000
    

    What we would like is to make this change at the Local Machine level.

    I have checked in HKLM, but there is no matching key at the \Identity level.

    Will simply creating the key and dword be enough to apply this fix to the entire computer?

    • Vomit IT - Chunky Mess Style
      Vomit IT - Chunky Mess Style over 6 years
      What you are asking is simple enough to confirm by simply applying the fix/reg import at the machine level and then signing onto the machine with a couple domain test accounts or whatever. What are you waiting for to begin your testing to confirm or validate this suggested fix? You might look into making the HKCU setting apply as part of the default profile or whatever too and test if you set this key with the default profile if the HKCU registry setting could be set per user profile build if you know what I'm saying....
    • harrymc
      harrymc over 6 years
      Disabling MAPI-HTTP will also disable ADAL, that is, if you can work without it. This is done in HKEY_CURRENT_USER\Software\Microsoft\Exchange, setting MapiHttpDisabled to 1 and rebooting.
  • Michael Frank
    Michael Frank over 6 years
    Thanks Ben. While we didn't end up going with this solution, it did point us in the right direction for getting this resolved for us. Have some e-points. ;)