how to cache credentials on Windows












2














I am a programmer and finance guy who is reluctantly in charge of IT, among any other more appropriate departments, at our eight person firm. I'm very new to IT, so please bear with me and assume I know very little.



We have a limited number of shared/vacation laptops that trade hands a lot. Despite my guidance, employees take off with a laptop that doesn't have their credentials cached so they can't login. (I try to get them to login before they head out!)



How can I cache all of the credentials to each of the traveling laptops? And is this wise? Suggestions welcome for alternative (free) solutions that solve this in a different way.



Laptop: Windows 7 without local admin rights,
Server: Windows 2008 R2










share|improve this question















migrated from security.stackexchange.com Dec 22 '16 at 21:59


This question came from our site for information security professionals.











  • 1




    Get them to login before walking away from the network with the laptop.
    – schroeder
    Dec 22 '16 at 21:59










  • schroeder - note "Despite my guidance" part of my question. I try! I added clarification on this in my question.
    – mountainclimber
    Dec 22 '16 at 22:02












  • Also, where should I post questions like this? I see you migrated my question.
    – mountainclimber
    Dec 22 '16 at 22:05






  • 1




    Noted, and I agree; however, that is a tough one when it is your CEO during the holidays who needs the help.
    – mountainclimber
    Dec 22 '16 at 22:07






  • 1




    How to configure or accomplish tasks in a particular OS tends to be more of a SuperUser-type question.
    – schroeder
    Dec 22 '16 at 22:07
















2














I am a programmer and finance guy who is reluctantly in charge of IT, among any other more appropriate departments, at our eight person firm. I'm very new to IT, so please bear with me and assume I know very little.



We have a limited number of shared/vacation laptops that trade hands a lot. Despite my guidance, employees take off with a laptop that doesn't have their credentials cached so they can't login. (I try to get them to login before they head out!)



How can I cache all of the credentials to each of the traveling laptops? And is this wise? Suggestions welcome for alternative (free) solutions that solve this in a different way.



Laptop: Windows 7 without local admin rights,
Server: Windows 2008 R2










share|improve this question















migrated from security.stackexchange.com Dec 22 '16 at 21:59


This question came from our site for information security professionals.











  • 1




    Get them to login before walking away from the network with the laptop.
    – schroeder
    Dec 22 '16 at 21:59










  • schroeder - note "Despite my guidance" part of my question. I try! I added clarification on this in my question.
    – mountainclimber
    Dec 22 '16 at 22:02












  • Also, where should I post questions like this? I see you migrated my question.
    – mountainclimber
    Dec 22 '16 at 22:05






  • 1




    Noted, and I agree; however, that is a tough one when it is your CEO during the holidays who needs the help.
    – mountainclimber
    Dec 22 '16 at 22:07






  • 1




    How to configure or accomplish tasks in a particular OS tends to be more of a SuperUser-type question.
    – schroeder
    Dec 22 '16 at 22:07














2












2








2







I am a programmer and finance guy who is reluctantly in charge of IT, among any other more appropriate departments, at our eight person firm. I'm very new to IT, so please bear with me and assume I know very little.



We have a limited number of shared/vacation laptops that trade hands a lot. Despite my guidance, employees take off with a laptop that doesn't have their credentials cached so they can't login. (I try to get them to login before they head out!)



How can I cache all of the credentials to each of the traveling laptops? And is this wise? Suggestions welcome for alternative (free) solutions that solve this in a different way.



Laptop: Windows 7 without local admin rights,
Server: Windows 2008 R2










share|improve this question















I am a programmer and finance guy who is reluctantly in charge of IT, among any other more appropriate departments, at our eight person firm. I'm very new to IT, so please bear with me and assume I know very little.



We have a limited number of shared/vacation laptops that trade hands a lot. Despite my guidance, employees take off with a laptop that doesn't have their credentials cached so they can't login. (I try to get them to login before they head out!)



How can I cache all of the credentials to each of the traveling laptops? And is this wise? Suggestions welcome for alternative (free) solutions that solve this in a different way.



Laptop: Windows 7 without local admin rights,
Server: Windows 2008 R2







active-directory credentials windows-server






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 22 '16 at 22:02

























asked Dec 22 '16 at 21:53









mountainclimber

1396




1396




migrated from security.stackexchange.com Dec 22 '16 at 21:59


This question came from our site for information security professionals.






migrated from security.stackexchange.com Dec 22 '16 at 21:59


This question came from our site for information security professionals.










  • 1




    Get them to login before walking away from the network with the laptop.
    – schroeder
    Dec 22 '16 at 21:59










  • schroeder - note "Despite my guidance" part of my question. I try! I added clarification on this in my question.
    – mountainclimber
    Dec 22 '16 at 22:02












  • Also, where should I post questions like this? I see you migrated my question.
    – mountainclimber
    Dec 22 '16 at 22:05






  • 1




    Noted, and I agree; however, that is a tough one when it is your CEO during the holidays who needs the help.
    – mountainclimber
    Dec 22 '16 at 22:07






  • 1




    How to configure or accomplish tasks in a particular OS tends to be more of a SuperUser-type question.
    – schroeder
    Dec 22 '16 at 22:07














  • 1




    Get them to login before walking away from the network with the laptop.
    – schroeder
    Dec 22 '16 at 21:59










  • schroeder - note "Despite my guidance" part of my question. I try! I added clarification on this in my question.
    – mountainclimber
    Dec 22 '16 at 22:02












  • Also, where should I post questions like this? I see you migrated my question.
    – mountainclimber
    Dec 22 '16 at 22:05






  • 1




    Noted, and I agree; however, that is a tough one when it is your CEO during the holidays who needs the help.
    – mountainclimber
    Dec 22 '16 at 22:07






  • 1




    How to configure or accomplish tasks in a particular OS tends to be more of a SuperUser-type question.
    – schroeder
    Dec 22 '16 at 22:07








1




1




Get them to login before walking away from the network with the laptop.
– schroeder
Dec 22 '16 at 21:59




Get them to login before walking away from the network with the laptop.
– schroeder
Dec 22 '16 at 21:59












schroeder - note "Despite my guidance" part of my question. I try! I added clarification on this in my question.
– mountainclimber
Dec 22 '16 at 22:02






schroeder - note "Despite my guidance" part of my question. I try! I added clarification on this in my question.
– mountainclimber
Dec 22 '16 at 22:02














Also, where should I post questions like this? I see you migrated my question.
– mountainclimber
Dec 22 '16 at 22:05




Also, where should I post questions like this? I see you migrated my question.
– mountainclimber
Dec 22 '16 at 22:05




1




1




Noted, and I agree; however, that is a tough one when it is your CEO during the holidays who needs the help.
– mountainclimber
Dec 22 '16 at 22:07




Noted, and I agree; however, that is a tough one when it is your CEO during the holidays who needs the help.
– mountainclimber
Dec 22 '16 at 22:07




1




1




How to configure or accomplish tasks in a particular OS tends to be more of a SuperUser-type question.
– schroeder
Dec 22 '16 at 22:07




How to configure or accomplish tasks in a particular OS tends to be more of a SuperUser-type question.
– schroeder
Dec 22 '16 at 22:07










2 Answers
2






active

oldest

votes


















4














The answer: No.



As Schroeder mentions in his comment, the way this is to be done is to require staff to log into the computer while it is still connected in the office.



There is a setting that can be configured in Group Policy that tells a computer how many credentials it can recall, which allows a staffmember or two or three to login to a computer in the office and then take the computer out of the office and still be able to log in, but even this has its limits.



The problem with what you're asking for is that you would essentially be asking the computer to retain a copy of authentication for all of the user accounts on a domain, and to ask for any updated information about this user accounts such as changed passwords or names or permissions, whenever it does change.



First this is impractical because the laptops would have to be connected to the domain anyways to get this information and why doesn't the borrowing user just log in before they leave anyway, and second it is highly insecure.



If a computer remembering one account's information leaves the office and is stolen, you reset the information on that one account. But if you have ALL of the information for ALL of the domain accounts on that laptop, you have trouble, spelled with a capital "T".



As part of your new role you also are the enforcer, and the rules have to be, both for the safety of the company information, and for your sanity, that staff MUST log into the computer BEFORE they leave the office or they are out of luck.



Their forgetting what they have been told is no reason for you to have to panic. They are not two year olds. They are adults who can understand and follow instructions. I assume.



UPDATE: Suggested Process & Magic Workaround



Suggested Process



Option 1: Keep all the loaner laptops secured in your office, at your tech desk, etc. When people come to check them out from you have them login to them before they leave. Bonus benefit: You know the laptop is working.



Option 2: Give the CEO a laptop of their own for their only computer. Then they're already logged in.



Magic Workaround



Don't just give this one away. Keep it for those times you really need a bacon saved or brownie points banked and use it only sparingly.



Set up a VPN connection of some sort, and then configure a VERY limited local account on all the laptops that ONLY connects to an available internet connection and triggers the VPN connection.



You can do this in such a way that not even the taskbar or desktop icons show up in this limited account



Once the VPN is connected have the remote user who could not be bothered to follow instructions press CTRL-ALT-DEL and select Change Password. In this dialog you can change passwords BESIDES the logged in account simply by entering the domainusername of the account you wish to cache. Once the user has changed the password for their own account on this computer, the accounts credentials will then be cached, and they'll be able to log in normally.



There's still a little punishment because they had to change their password, but that should hopefully serve as reminder to do things the right way next time.






share|improve this answer































    0














    Not debating on whether it is correct practice or not. But the only way to cache credentials in windows is using credentials manager. You can script using command line tool "cmdkey" like this :



    cmdkey /add:server01 /user:mikedan /pass:Kleo





    share|improve this answer





















    • But this would not be advisable for security reasons, right?
      – mountainclimber
      Dec 23 '16 at 13:20










    • As i mentioned ... can't debate its correct and secure or not ... In my opinion security assessment requires more deeper exercise ... If you have compensatory control around cmdkey usage then its absolutely fine ... Credential manager of windows is secure in storing data ... you cannot retrieve the password, only use it to connect like file and printer sharing etc... security issue is only around who canshould use it
      – amarnath chatterjee
      Dec 24 '16 at 15:36











    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1159425%2fhow-to-cache-credentials-on-windows%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    4














    The answer: No.



    As Schroeder mentions in his comment, the way this is to be done is to require staff to log into the computer while it is still connected in the office.



    There is a setting that can be configured in Group Policy that tells a computer how many credentials it can recall, which allows a staffmember or two or three to login to a computer in the office and then take the computer out of the office and still be able to log in, but even this has its limits.



    The problem with what you're asking for is that you would essentially be asking the computer to retain a copy of authentication for all of the user accounts on a domain, and to ask for any updated information about this user accounts such as changed passwords or names or permissions, whenever it does change.



    First this is impractical because the laptops would have to be connected to the domain anyways to get this information and why doesn't the borrowing user just log in before they leave anyway, and second it is highly insecure.



    If a computer remembering one account's information leaves the office and is stolen, you reset the information on that one account. But if you have ALL of the information for ALL of the domain accounts on that laptop, you have trouble, spelled with a capital "T".



    As part of your new role you also are the enforcer, and the rules have to be, both for the safety of the company information, and for your sanity, that staff MUST log into the computer BEFORE they leave the office or they are out of luck.



    Their forgetting what they have been told is no reason for you to have to panic. They are not two year olds. They are adults who can understand and follow instructions. I assume.



    UPDATE: Suggested Process & Magic Workaround



    Suggested Process



    Option 1: Keep all the loaner laptops secured in your office, at your tech desk, etc. When people come to check them out from you have them login to them before they leave. Bonus benefit: You know the laptop is working.



    Option 2: Give the CEO a laptop of their own for their only computer. Then they're already logged in.



    Magic Workaround



    Don't just give this one away. Keep it for those times you really need a bacon saved or brownie points banked and use it only sparingly.



    Set up a VPN connection of some sort, and then configure a VERY limited local account on all the laptops that ONLY connects to an available internet connection and triggers the VPN connection.



    You can do this in such a way that not even the taskbar or desktop icons show up in this limited account



    Once the VPN is connected have the remote user who could not be bothered to follow instructions press CTRL-ALT-DEL and select Change Password. In this dialog you can change passwords BESIDES the logged in account simply by entering the domainusername of the account you wish to cache. Once the user has changed the password for their own account on this computer, the accounts credentials will then be cached, and they'll be able to log in normally.



    There's still a little punishment because they had to change their password, but that should hopefully serve as reminder to do things the right way next time.






    share|improve this answer




























      4














      The answer: No.



      As Schroeder mentions in his comment, the way this is to be done is to require staff to log into the computer while it is still connected in the office.



      There is a setting that can be configured in Group Policy that tells a computer how many credentials it can recall, which allows a staffmember or two or three to login to a computer in the office and then take the computer out of the office and still be able to log in, but even this has its limits.



      The problem with what you're asking for is that you would essentially be asking the computer to retain a copy of authentication for all of the user accounts on a domain, and to ask for any updated information about this user accounts such as changed passwords or names or permissions, whenever it does change.



      First this is impractical because the laptops would have to be connected to the domain anyways to get this information and why doesn't the borrowing user just log in before they leave anyway, and second it is highly insecure.



      If a computer remembering one account's information leaves the office and is stolen, you reset the information on that one account. But if you have ALL of the information for ALL of the domain accounts on that laptop, you have trouble, spelled with a capital "T".



      As part of your new role you also are the enforcer, and the rules have to be, both for the safety of the company information, and for your sanity, that staff MUST log into the computer BEFORE they leave the office or they are out of luck.



      Their forgetting what they have been told is no reason for you to have to panic. They are not two year olds. They are adults who can understand and follow instructions. I assume.



      UPDATE: Suggested Process & Magic Workaround



      Suggested Process



      Option 1: Keep all the loaner laptops secured in your office, at your tech desk, etc. When people come to check them out from you have them login to them before they leave. Bonus benefit: You know the laptop is working.



      Option 2: Give the CEO a laptop of their own for their only computer. Then they're already logged in.



      Magic Workaround



      Don't just give this one away. Keep it for those times you really need a bacon saved or brownie points banked and use it only sparingly.



      Set up a VPN connection of some sort, and then configure a VERY limited local account on all the laptops that ONLY connects to an available internet connection and triggers the VPN connection.



      You can do this in such a way that not even the taskbar or desktop icons show up in this limited account



      Once the VPN is connected have the remote user who could not be bothered to follow instructions press CTRL-ALT-DEL and select Change Password. In this dialog you can change passwords BESIDES the logged in account simply by entering the domainusername of the account you wish to cache. Once the user has changed the password for their own account on this computer, the accounts credentials will then be cached, and they'll be able to log in normally.



      There's still a little punishment because they had to change their password, but that should hopefully serve as reminder to do things the right way next time.






      share|improve this answer


























        4












        4








        4






        The answer: No.



        As Schroeder mentions in his comment, the way this is to be done is to require staff to log into the computer while it is still connected in the office.



        There is a setting that can be configured in Group Policy that tells a computer how many credentials it can recall, which allows a staffmember or two or three to login to a computer in the office and then take the computer out of the office and still be able to log in, but even this has its limits.



        The problem with what you're asking for is that you would essentially be asking the computer to retain a copy of authentication for all of the user accounts on a domain, and to ask for any updated information about this user accounts such as changed passwords or names or permissions, whenever it does change.



        First this is impractical because the laptops would have to be connected to the domain anyways to get this information and why doesn't the borrowing user just log in before they leave anyway, and second it is highly insecure.



        If a computer remembering one account's information leaves the office and is stolen, you reset the information on that one account. But if you have ALL of the information for ALL of the domain accounts on that laptop, you have trouble, spelled with a capital "T".



        As part of your new role you also are the enforcer, and the rules have to be, both for the safety of the company information, and for your sanity, that staff MUST log into the computer BEFORE they leave the office or they are out of luck.



        Their forgetting what they have been told is no reason for you to have to panic. They are not two year olds. They are adults who can understand and follow instructions. I assume.



        UPDATE: Suggested Process & Magic Workaround



        Suggested Process



        Option 1: Keep all the loaner laptops secured in your office, at your tech desk, etc. When people come to check them out from you have them login to them before they leave. Bonus benefit: You know the laptop is working.



        Option 2: Give the CEO a laptop of their own for their only computer. Then they're already logged in.



        Magic Workaround



        Don't just give this one away. Keep it for those times you really need a bacon saved or brownie points banked and use it only sparingly.



        Set up a VPN connection of some sort, and then configure a VERY limited local account on all the laptops that ONLY connects to an available internet connection and triggers the VPN connection.



        You can do this in such a way that not even the taskbar or desktop icons show up in this limited account



        Once the VPN is connected have the remote user who could not be bothered to follow instructions press CTRL-ALT-DEL and select Change Password. In this dialog you can change passwords BESIDES the logged in account simply by entering the domainusername of the account you wish to cache. Once the user has changed the password for their own account on this computer, the accounts credentials will then be cached, and they'll be able to log in normally.



        There's still a little punishment because they had to change their password, but that should hopefully serve as reminder to do things the right way next time.






        share|improve this answer














        The answer: No.



        As Schroeder mentions in his comment, the way this is to be done is to require staff to log into the computer while it is still connected in the office.



        There is a setting that can be configured in Group Policy that tells a computer how many credentials it can recall, which allows a staffmember or two or three to login to a computer in the office and then take the computer out of the office and still be able to log in, but even this has its limits.



        The problem with what you're asking for is that you would essentially be asking the computer to retain a copy of authentication for all of the user accounts on a domain, and to ask for any updated information about this user accounts such as changed passwords or names or permissions, whenever it does change.



        First this is impractical because the laptops would have to be connected to the domain anyways to get this information and why doesn't the borrowing user just log in before they leave anyway, and second it is highly insecure.



        If a computer remembering one account's information leaves the office and is stolen, you reset the information on that one account. But if you have ALL of the information for ALL of the domain accounts on that laptop, you have trouble, spelled with a capital "T".



        As part of your new role you also are the enforcer, and the rules have to be, both for the safety of the company information, and for your sanity, that staff MUST log into the computer BEFORE they leave the office or they are out of luck.



        Their forgetting what they have been told is no reason for you to have to panic. They are not two year olds. They are adults who can understand and follow instructions. I assume.



        UPDATE: Suggested Process & Magic Workaround



        Suggested Process



        Option 1: Keep all the loaner laptops secured in your office, at your tech desk, etc. When people come to check them out from you have them login to them before they leave. Bonus benefit: You know the laptop is working.



        Option 2: Give the CEO a laptop of their own for their only computer. Then they're already logged in.



        Magic Workaround



        Don't just give this one away. Keep it for those times you really need a bacon saved or brownie points banked and use it only sparingly.



        Set up a VPN connection of some sort, and then configure a VERY limited local account on all the laptops that ONLY connects to an available internet connection and triggers the VPN connection.



        You can do this in such a way that not even the taskbar or desktop icons show up in this limited account



        Once the VPN is connected have the remote user who could not be bothered to follow instructions press CTRL-ALT-DEL and select Change Password. In this dialog you can change passwords BESIDES the logged in account simply by entering the domainusername of the account you wish to cache. Once the user has changed the password for their own account on this computer, the accounts credentials will then be cached, and they'll be able to log in normally.



        There's still a little punishment because they had to change their password, but that should hopefully serve as reminder to do things the right way next time.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 22 '16 at 22:16

























        answered Dec 22 '16 at 22:09









        music2myear

        30.6k85597




        30.6k85597

























            0














            Not debating on whether it is correct practice or not. But the only way to cache credentials in windows is using credentials manager. You can script using command line tool "cmdkey" like this :



            cmdkey /add:server01 /user:mikedan /pass:Kleo





            share|improve this answer





















            • But this would not be advisable for security reasons, right?
              – mountainclimber
              Dec 23 '16 at 13:20










            • As i mentioned ... can't debate its correct and secure or not ... In my opinion security assessment requires more deeper exercise ... If you have compensatory control around cmdkey usage then its absolutely fine ... Credential manager of windows is secure in storing data ... you cannot retrieve the password, only use it to connect like file and printer sharing etc... security issue is only around who canshould use it
              – amarnath chatterjee
              Dec 24 '16 at 15:36
















            0














            Not debating on whether it is correct practice or not. But the only way to cache credentials in windows is using credentials manager. You can script using command line tool "cmdkey" like this :



            cmdkey /add:server01 /user:mikedan /pass:Kleo





            share|improve this answer





















            • But this would not be advisable for security reasons, right?
              – mountainclimber
              Dec 23 '16 at 13:20










            • As i mentioned ... can't debate its correct and secure or not ... In my opinion security assessment requires more deeper exercise ... If you have compensatory control around cmdkey usage then its absolutely fine ... Credential manager of windows is secure in storing data ... you cannot retrieve the password, only use it to connect like file and printer sharing etc... security issue is only around who canshould use it
              – amarnath chatterjee
              Dec 24 '16 at 15:36














            0












            0








            0






            Not debating on whether it is correct practice or not. But the only way to cache credentials in windows is using credentials manager. You can script using command line tool "cmdkey" like this :



            cmdkey /add:server01 /user:mikedan /pass:Kleo





            share|improve this answer












            Not debating on whether it is correct practice or not. But the only way to cache credentials in windows is using credentials manager. You can script using command line tool "cmdkey" like this :



            cmdkey /add:server01 /user:mikedan /pass:Kleo






            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Dec 23 '16 at 5:27









            amarnath chatterjee

            1011




            1011












            • But this would not be advisable for security reasons, right?
              – mountainclimber
              Dec 23 '16 at 13:20










            • As i mentioned ... can't debate its correct and secure or not ... In my opinion security assessment requires more deeper exercise ... If you have compensatory control around cmdkey usage then its absolutely fine ... Credential manager of windows is secure in storing data ... you cannot retrieve the password, only use it to connect like file and printer sharing etc... security issue is only around who canshould use it
              – amarnath chatterjee
              Dec 24 '16 at 15:36


















            • But this would not be advisable for security reasons, right?
              – mountainclimber
              Dec 23 '16 at 13:20










            • As i mentioned ... can't debate its correct and secure or not ... In my opinion security assessment requires more deeper exercise ... If you have compensatory control around cmdkey usage then its absolutely fine ... Credential manager of windows is secure in storing data ... you cannot retrieve the password, only use it to connect like file and printer sharing etc... security issue is only around who canshould use it
              – amarnath chatterjee
              Dec 24 '16 at 15:36
















            But this would not be advisable for security reasons, right?
            – mountainclimber
            Dec 23 '16 at 13:20




            But this would not be advisable for security reasons, right?
            – mountainclimber
            Dec 23 '16 at 13:20












            As i mentioned ... can't debate its correct and secure or not ... In my opinion security assessment requires more deeper exercise ... If you have compensatory control around cmdkey usage then its absolutely fine ... Credential manager of windows is secure in storing data ... you cannot retrieve the password, only use it to connect like file and printer sharing etc... security issue is only around who canshould use it
            – amarnath chatterjee
            Dec 24 '16 at 15:36




            As i mentioned ... can't debate its correct and secure or not ... In my opinion security assessment requires more deeper exercise ... If you have compensatory control around cmdkey usage then its absolutely fine ... Credential manager of windows is secure in storing data ... you cannot retrieve the password, only use it to connect like file and printer sharing etc... security issue is only around who canshould use it
            – amarnath chatterjee
            Dec 24 '16 at 15:36


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1159425%2fhow-to-cache-credentials-on-windows%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            AnyDesk - Fatal Program Failure

            How to calibrate 16:9 built-in touch-screen to a 4:3 resolution?

            QoS: MAC-Priority for clients behind a repeater