How to disable credential caching on client computers

Windows XP and later let users cache usernames and passwords for network resources they connect to and applications they use. This can be convenient for end users, but some organizations may consider this a security risk.

You can manage stored usernames and passwords on Windows XP computers joined to a domain by using Stored User Names and Passwords as described in KB306992 and KB555631 in the Knowledge Base on Microsoft TechNet. But what if you just want to disable this functionality entirely?

Here's how you can do this:

1. Use Group Policy Object Editor to open a Group Policy Object (GPO) that targets the client computers on which you want to disable the storing of user names and passwords.

2. Browse to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

3. Enable the policy setting named "Network Access: Do not allow storage of credentials or .NET Passports for network authentication"

4. Reboot the client computers targeted by the GPO.

Note that pushing out this policy can cause problems when Microsoft Operations Manager is being used; see KB912998 for details.
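
To confirm that the setting from step 3 has actually reached the targeted clients, you can read the registry value behind it. The PowerShell function below is an added example, not part of the original tip; it assumes the policy is stored as the DisableDomainCreds value under the Lsa key, and the function name and the client names CLIENT01 and CLIENT02 are hypothetical.

```powershell
# Added example, not from the original tip.
# Assumption: the policy is backed by the REG_DWORD value DisableDomainCreds
# under HKLM\SYSTEM\CurrentControlSet\Control\Lsa (1 = storage disabled).
function Test-CredentialStorageDisabled {
    [CmdletBinding()]
    param(
        # Computers to audit; defaults to the local machine.
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    process {
        foreach ($computer in $ComputerName) {
            $value = $null; $base = $null; $lsa = $null
            try {
                # An empty machine name opens the local registry; remote reads
                # need the Remote Registry service running on the target.
                $target = if ($computer -eq $env:COMPUTERNAME) { '' } else { $computer }
                $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $target)
                $lsa = $base.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
                if ($null -eq $lsa) { throw 'Lsa key not found' }
                $value = $lsa.GetValue('DisableDomainCreds', $null)
                if ($null -eq $value) {
                    $status = 'Storage allowed (value not set)'
                } elseif ([int]$value -eq 1) {
                    $status = 'Storage disabled (policy applied)'
                } else {
                    $status = 'Storage allowed (policy not applied)'
                }
            } catch {
                # Unreachable host, access denied, etc.: report, do not guess.
                $status = "Error: $($_.Exception.Message)"
            } finally {
                if ($lsa)  { $lsa.Close() }
                if ($base) { $base.Close() }
            }
            [pscustomobject]@{
                ComputerName       = $computer
                DisableDomainCreds = $value
                Status             = $status
            }
        }
    }
}

# Audit the local machine, then two hypothetical client names.
Test-CredentialStorageDisabled
'CLIENT01', 'CLIENT02' | Test-CredentialStorageDisabled
```

A result of "Storage disabled" shows only that the GPO has been applied; per step 4, the client still needs a reboot.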

Got comments concerning this tip? Want to share a tip of your own with ITWorld readers? Email me
