locked
Group Policy to disable Credential Manager RRS feed

  • Question

  • I have enabled the following in group policy: Network access: Do not allow storage of credentials or .NET Passports for network authentication.

    I have other settings in GPO enabled, so I'm 100% certain the clients are getting the policy ok.  However, this setting doesn't seem to affect my Windows 7 machines.  The scenerio is from the Win 7 machine, I'm connecting to a Sharepoint server in another domain.  I'm prompted for credentials, which I enter domain\user, the password, and check the box to save my credentials.  I would expect with this GPO, even though I check the box that the credential would not be saved.  However, it is being saved in Credential Manager on the Win 7 machine.  The next time any user goes to sign in using that machine (shared Point of Sale machine), the previous username is presented and the user must choose "use another account" to be able to enter their password. 

    From everything I have read, this is the GPO that is supposed to prevent the credentials from being saved, but I can't seem to make it work.

    Thanks,

    Louis

     

    Monday, January 17, 2011 8:21 AM

Answers

  • Hi,

     

    Thanks for posting in Microsoft TechNet forums.

     

    Based on my test, I performed these steps:

    1 Delete all credentials on Credential Manager

    2 Go to GP editor, enable “Network access: Do not allow storage of passwords and credentials for network authentication”.

    3 Run “gpupdate /force” in command prompt

    4 Then access share folder of network

    5 Input username and password, do not choose “Remember my credentials”

     

    Thus when you access network next time, the credential request will pop-up again to ask your username and password.

     

    Furthermore, if you want to push PGO from the server, I suggest to ask Windows Server Forum for further help:

     

    http://social.technet.microsoft.com/Forums/en-US/category/windowsserver

     

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  Thank you for your understanding.

     

     

    Regards,

    Leo   Huang

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Leo Huang Friday, January 21, 2011 8:06 AM
    Tuesday, January 18, 2011 8:39 AM

All replies

  • To disable password caching, follow these steps:

    1. Click Start, click Run, type regedit, and then click OK.

    2. Locate and then click the following registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    1. On the Edit menu, click New, and then click DWORD Value.

    2. Type DisablePasswordCaching to name the new registry entry, and then press ENTER.

    3. Right-click DisablePasswordCaching, and then click Modify.

    4. Make sure that the Hexadecimal option button is selected, type 1 in the Value databox, and then click OK.

    5. Quit Registry Editor


      So I figured out that this is how to make the change happen that I wanted, but I would like to be able to push this out from the server so I don't have to modify each workstation manually.  Does anyone know how to accomplish this via GPO, or forcing this change at login (script, batch files, etc?)


      Thanks!


      Louis

    • Proposed as answer by Jason Milczek Tuesday, July 30, 2013 2:22 PM
    Monday, January 17, 2011 4:23 PM
  • Hi,

     

    Thanks for posting in Microsoft TechNet forums.

     

    Based on my test, I performed these steps:

    1 Delete all credentials on Credential Manager

    2 Go to GP editor, enable “Network access: Do not allow storage of passwords and credentials for network authentication”.

    3 Run “gpupdate /force” in command prompt

    4 Then access share folder of network

    5 Input username and password, do not choose “Remember my credentials”

     

    Thus when you access network next time, the credential request will pop-up again to ask your username and password.

     

    Furthermore, if you want to push PGO from the server, I suggest to ask Windows Server Forum for further help:

     

    http://social.technet.microsoft.com/Forums/en-US/category/windowsserver

     

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  Thank you for your understanding.

     

     

    Regards,

    Leo   Huang

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Leo Huang Friday, January 21, 2011 8:06 AM
    Tuesday, January 18, 2011 8:39 AM
  • Hi,

     

    Did your issue solved? Please feel free give me any update.

     

    Thank you for your cooperation.

     

    Regards,

    Leo   Huang

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, January 20, 2011 3:12 AM
  • Hi,

     

    I will mark my reply as answer. It could help other communities here who have the same issue.

    Thanks for your cooperation!

     

    Regards,

    Leo   Huang

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, January 21, 2011 8:06 AM
  • Thank you so much for your assistance.  It took care of my problem.

    Dwill60

    Saturday, March 11, 2017 8:42 PM