Case Study – How to Enable or Disable “Remember my credentials” in IE in credential window.
Customers wants to show “Remember my credentials” in IE in credential window but always failed.
Root Cause Analysis
We all know that when you try to view a Web site that is protected with a password, you are prompted to type your security credentials in the Enter Network Password dialog box. If you click to select the Save this password in your password list check box in this dialog box, the computer saves your password so that you do not have to type the password again when you try to use the same document. This behavior is known as password caching.
According to KB229940:
To disable password caching, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
3. On the Edit menu, click New, and then click DWORD Value.
4. Type DisablePasswordCaching to name the new registry entry, and then press ENTER.
5. Right-click DisablePasswordCaching, and then click Modify.
6. Make sure that the Hexadecimal option button is selected, type 1 in the Value data box, and then click OK.
7. Quit Registry Editor.
To enable password caching, you can either delete the DisablePasswordCaching entry, or change its value to 0.
If there isn’t existing DisablePasswordCaching, its value is 0 by default.
But even customer applied below steps, it seems DisablePasswordCaching still cannot control the credential caching as we expected:
1) Enable it by set DisablePasswordCaching as 0 in registry,
2) Install MS14-010: http://technet.microsoft.com/en-us/security/bulletin/ms14-010
After research and test we find there is a GPO blocks it:
Once enable “Do not allow storage of passwords and credentials for network authentication” in GPO, password cachingdoes not work even setting DisablePasswordCaching as 0.
To disable password caching, please achieve one of below steps:
1) DisablePasswordCaching under “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings” is 1.
2) Or, GPO “Do not allow storage of passwords and credentials for network authentication” is enabled.
To enable password caching, please confirm:
1) DisablePasswordCaching under “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings” is 0 or not existing.
2) And, GPO “Do not allow storage of passwords and credentials for network authentication” is not configured or disabled.
How to disable Internet Explorer password caching
Network access: Do not allow storage of passwords and credentials for network authentication
"Remember my credentials" check box is displayed after you disable the check box in Internet Explorer 9 in Windows 7
Microsoft Security Bulletin MS14-010 - Critical
Cumulative Security Update for Internet Explorer (2909921)
Published: Tuesday, February 11, 2014
Xiaoman Wang from GBSD DSI Team