共用方式為

Case Study – How to Enable or Disable “Remember my credentials” in IE in credential window.

  • 發行項

Symptom

Customers wants to show “Remember my credentials” in IE in credential window but always failed.

Root Cause Analysis

We all know that when you try to view a Web site that is protected with a password, you are prompted to type your security credentials in the Enter Network Password dialog box. If you click to select the Save this password in your password list check box in this dialog box, the computer saves your password so that you do not have to type the password again when you try to use the same document. This behavior is known as password caching.

According to KB229940:

To disable password caching, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click the following registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

3. On the Edit menu, click New, and then click DWORD Value.

4. Type DisablePasswordCaching to name the new registry entry, and then press ENTER.

5. Right-click DisablePasswordCaching, and then click Modify.

6. Make sure that the Hexadecimal option button is selected, type 1 in the Value data box, and then click OK.

7. Quit Registry Editor.

To enable password caching, you can either delete the DisablePasswordCaching entry, or change its value to 0.

If there isn’t existing DisablePasswordCaching, its value is 0 by default.

But even customer applied below steps, it seems DisablePasswordCaching still cannot control the credential caching as we expected:

1) Enable it by set DisablePasswordCaching as 0 in registry,

2) Install MS14-010: https://technet.microsoft.com/en-us/security/bulletin/ms14-010

After research and test we find there is a GPO blocks it:

Once enable “Do not allow storage of passwords and credentials for network authentication” in GPO, password cachingdoes not work even setting DisablePasswordCaching as 0.

clip_image002

clip_image004

Solution

To disable password caching, please achieve one of below steps:

1) DisablePasswordCaching under “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings” is 1.

2) Or, GPO “Do not allow storage of passwords and credentials for network authentication” is enabled.

To enable password caching, please confirm:

1) DisablePasswordCaching under “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings” is 0 or not existing.

2) And, GPO “Do not allow storage of passwords and credentials for network authentication” is not configured or disabled.

References

How to disable Internet Explorer password caching

https://support.microsoft.com/kb/229940

Network access: Do not allow storage of passwords and credentials for network authentication

https://technet.microsoft.com/en-us/library/jj852185.aspx

"Remember my credentials" check box is displayed after you disable the check box in Internet Explorer 9 in Windows 7

https://support.microsoft.com/kb/2917478/en-us

Microsoft Security Bulletin MS14-010 - Critical

Cumulative Security Update for Internet Explorer (2909921)

Published: Tuesday, February 11, 2014

https://technet.microsoft.com/en-us/security/bulletin/ms14-010

 

Regards,

Xiaoman Wang from GBSD DSI Team

Comments

  • Anonymous
    November 18, 2015
    If I want to do this for all users, Can I do the same thing for HKLM instead of HKCU?

  • Anonymous
    January 15, 2016
    The comment has been removed