Passwords that are cached can be accessed by the user when logged on to the device. This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. If this policy isn't contained in a distributed GPO, this policy can be configured on the local computer by using the Local Security Policy snap-in. This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). Restart requirementĪ restart of the device is required before this policy will be effective when changes to this policy are saved locally or distributed through Group Policy. This section describes features and tools that are available to help you manage this policy. Server type or Group Policy Object (GPO)ĭomain controller effective default settingsĮffective GPO default settings on client computers Default values are also listed on the policy’s property page. The following table lists the actual and effective default values for this policy. LocationĬomputer Configuration\Windows Settings\Security Settings\Local Policies\Security Options Default values Cached credentials are designed primarily to be used on laptops that require domain credentials when disconnected from the domain. Evaluate your servers and workstations to determine the requirements. It's a recommended practice to disable the ability of the Windows operating system to cache credentials on any device where credentials aren't needed. Possible valuesĬredential Manager doesn't store passwords and credentials on the deviceĬredential Manager will store passwords and credentials on this computer for later use for domain authentication.
This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication.
Describes the best practices, location, values, policy management and security considerations for the Network access: Do not allow storage of passwords and credentials for network authentication security policy setting.
0 kommentar(er)
