Troubleshooter: Preventing Users from Storing Credentials

Teach your users why storing credentials on machines they might not control is a bad idea.

Paul Robichaux

January 25, 2004


Can we prevent our Outlook Web Access (OWA) users from saving their credentials, accidentally or on purpose, on computers they might not control?

You can prevent users from saving their OWA logon credentials, but this measure might not work as well as you hope. The Microsoft article "How to Disable Internet Explorer Password Caching" (http://support.microsoft.com/?kbid=229940) describes the process of adding the DisablePasswordCaching entry (of type REG_DWORD) to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings registry subkey. Setting this value to 1 removes Microsoft Internet Explorer's (IE's) ability to save credentials for the specified user, not just for OWA but for all Web sites. In addition, a user can easily undo the change if that user can write to the registry. You can use Group Policy Objects (GPOs) to enforce this setting, but doing so won't prevent users from stashing credentials on machines in airport kiosks, coffee shops, or their mom's house. Your best bet is to teach your users why storing their credentials is a bad idea, then use a combination of strong password policies and good event-log monitoring practices to keep a lid on things.
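Because a user who can write to the registry can undo the change, it helps to check the value rather than assume it is still set. The following PowerShell sketch is an added example, not code from the Microsoft article or from the author; the function name `Test-PasswordCachingDisabled` and its `-Remediate` switch are hypothetical, and it assumes it runs in the user's own context (for example, from a logon script).

```powershell
# Added example: audit, and optionally re-apply, the per-user
# DisablePasswordCaching value described above.
# The function name and -Remediate switch are illustrative assumptions.
$KeyPath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ValueName = 'DisablePasswordCaching'

function Test-PasswordCachingDisabled {
    param([switch]$Remediate)

    $state = 'Missing'
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $ValueName)) {
        # Check both the type and the data: a REG_SZ "1" or a DWORD 0
        # does not match the documented setting.
        $kind  = $key.GetValueKind($ValueName)
        $value = $key.GetValue($ValueName)
        if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $value -eq 1) {
            $state = 'Compliant'
        } else {
            $state = "Drifted (kind=$kind, value=$value)"
        }
    }

    if ($state -ne 'Compliant' -and $Remediate) {
        if (-not $key) { New-Item -Path $KeyPath -Force | Out-Null }
        # -Force overwrites an existing value that has the wrong type or data.
        New-ItemProperty -Path $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
        $state = "Remediated (was: $state)"
    }

    # Emit one record per run so results can be collected and compared over time.
    [pscustomobject]@{
        User  = "$env:USERDOMAIN\$env:USERNAME"
        Host  = $env:COMPUTERNAME
        State = $state
        Time  = Get-Date
    }
}

# Report only:
Test-PasswordCachingDisabled
# Report and re-apply:
# Test-PasswordCachingDisabled -Remediate
```

A `Drifted` or `Missing` result on a machine where the setting was previously applied indicates that the value was changed or removed after deployment.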
