none
Prevent saving passwords in Credential Manager?

    Question

  • Due to frequent account lockouts caused by users saving domain credentials that are subsequently changed, I am trying to prevent Outlook Exchange account passwords and mapped drive passwords from being saved in the user's Windows profile.  I found a Computer policy that seems to do what I want:

    Network access: Do not allow storage of passwords and credentials for network authentication Enabled

    I applied the policy, did gpupdate and rebooted, logged into the workstation and then ran RSOP for the workstation which shows the group policy settings successfully applied.  However, passwords can still be saved anyway.

    This is on a Windows 10 workstation.

    Is there something else needed for Windows 10?

    Tuesday, October 13, 2015 12:24 AM

Answers

  • You can disallow the credential to be stored in the Credential Manager by setting the following registry entry to 1:

     

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

    Value Name: DisableDomainCreds

    Value Type: REG_DWORD

    Value: 1

    Hope that helps.


    --- Jeff (Netwrix)

    Tuesday, October 13, 2015 2:21 PM

All replies

  • You can disallow the credential to be stored in the Credential Manager by setting the following registry entry to 1:

     

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

    Value Name: DisableDomainCreds

    Value Type: REG_DWORD

    Value: 1

    Hope that helps.


    --- Jeff (Netwrix)

    Tuesday, October 13, 2015 2:21 PM
  • But it was disabling only windows credentials and certificate based credentials. Other credentials like Generic and other items are still saving. 

    

    Wednesday, May 9, 2018 5:14 AM