Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, June 2, 2010 4:37 AM | 1 vote
Hello
Workstation is domain member with Windows 7 Enterprise. When I connecting via VPN with some credentials, it stores automatically in Credential Manager with "*Session" marker. When I connecting to network shares on domain servers, workstation use credentials, stored in Credential Manager. So, because stored credentials is different from domain user account, workstation can't connect to network shares in domain. When I manually remove stored "*Session" credentials, workstation connecting to domain servers OK. So I need to disable storing passwords from VPN connections in Credential Manager because it different from domain user account.
P.S. I am already posted this question on "Windows 7 Security, Privacy, and User Accounts" forum, but no answers at all. May be here somebody can help me?
All replies (12)
Thursday, June 3, 2010 6:07 AM âś…Answered | 2 votes
Hi,
You can disallow the credential to be stored in the Credential Manager by setting the following registry entry to 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
Value Name: DisableDomainCreds
Value Type: REG_DWORD
Value: 1
Hope it helps.
This posting is provided "AS IS" with no warranties, and confers no rights.
Friday, June 4, 2010 8:00 AM
Hi
Is there any policy in GPO in Windows 2008 R2 domain? Or it can only be disabled by registry key? (I know that I can write a script for users logon for setup this registry key)
Friday, June 4, 2010 8:25 AM
Hi,
You can disallow the credential to be stored in the Credential Manager by setting the following registry entry to 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
Value Name: DisableDomainCreds
Value Type: REG_DWORD
Value: 1
Yes! It's worked!
Thank you
Monday, June 7, 2010 1:16 AM
Hi,
Glad that it helps.
It seems there is no policy to configure this setting. You may have to write a script or create a custom administrative template to deploy the setting.
Joson Zhou
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact [email protected]
This posting is provided "AS IS" with no warranties, and confers no rights.
Monday, February 14, 2011 6:57 AM
I have found out how to disable the Domain Credentials in Windows 7 but am unable to disable the Generic Passwords, any Ideas?
Tuesday, October 18, 2011 1:00 PM
Have you found out how to disable the Generic Credentials under Credential Manager?
Monday, June 17, 2013 2:16 PM
Is there a way to disable ONLY the creation of the VPN *Session credentials? I use mapped drives with one domain account and Outlook with a different domain account. Using the fix you suggested fixes my issue with mapped drives but then I cannot use Outlook at all.
Note: I do not log on with either account (I use a local admin account) and I do not 'save my password' in Outlook.
Monday, September 2, 2013 4:20 PM | 5 votes
maybe this helps:
search for your phonebook.pbk file that is probably here:
C:\Users\username"\AppData\Roaming\Microsoft\Network\Connections\Pbk
search the file for the VPN connection and change this line:
UseRasCredentials=1
change it to: UseRasCredentials=0
this will lead into not saving the credentials in the credentials manager for this pptp vpn connection and using your active logged on user account credentials instead.
this was causing a continously account lockout problem in my company.
Monday, July 6, 2015 9:06 AM
Why is disabling the domain DisableDomainCreds marked as an answer? That's like having a leg amputated for an ingrowing toenail! Manfred's answer is spot on (thank you Manfred) as it only disables *Session for the VPN connection.
Wednesday, July 15, 2015 9:59 AM
thank you Manfred, you just pointed me to the solution of the persistent Incorrect *Session entry in Credential Manager!
Tuesday, August 21, 2018 5:43 PM
Just wanted to say this is still the *CORRECT* fix on Windows 10 build 1803 (in 2018, almost 5 years later)
We had a L2TP VPN setup and create this problem, this solved the issue. Thanks!
Thursday, June 20, 2019 12:41 PM
It Works with 1903 as well.