Web Account Manager (TokenBroker) Service Defaults in Windows 10

This service is used by Web Account Manager to provide single-sign-on to apps and services.

Default Settings

Startup type:Manual
Display name:Web Account Manager
Service name:TokenBroker
Service type:share
Error control:normal
Object:LocalSystem
Path:%SystemRoot%\system32\svchost.exe -k netsvcs -p
File:%SystemRoot%\System32\TokenBroker.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TokenBroker
Privileges:
  • SeTcbPrivilege
  • SeAssignPrimaryTokenPrivilege
  • SeTakeOwnershipPrivilege
  • SeDebugPrivilege

Default Behavior

Web Account Manager is a Win32 service. In Windows 10 it is starting only if the user, an application or another service starts it. When the Web Account Manager service is started, it is running as LocalSystem in a shared process of svchost.exe along with other services. If Web Account Manager fails to start, the failure details are being recorded into Event Log. Then Windows 10 will start up and notify the user that the TokenBroker service has failed to start due to the error.

Dependencies

Web Account Manager cannot be started under any conditions, if the User Manager service is disabled.

Restore Default Startup Configuration for Web Account Manager

Before you begin doing this, make sure that all the services on which Web Account Manager depends are configured by default and function properly. See the list of dependencies above.

1. Run the Command Prompt as an administrator.

2. Copy the command below, paste it into the command window and press ENTER:

sc config TokenBroker start= demand

3. Close the command window and restart the computer.

The TokenBroker service is using the TokenBroker.dll file that is located in the %WinDir%\System32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 10 installation media.