Getting rid of password when "remember password" is checked.

Gutter Ball · September 3rd, 2002, 11:46 PM

Okay, here's the situation. We recently upgraded our firewall and to get out to the internet, you must enter a username and password. No more going through My Computer etc etc, everybody must log in. We sent emails out to everybody telling them NOT to check the "remember password" box since the computers are shared and the user logged in is responsible for whatever happens. Well, lots of people have checked the "remember password" box and some naughty naughty's are taking advantage of using other people's log in. Other than manually going to the 600+ computers and checking, is there a way to disable the box or go and delete any info that's been entered into the fields?? Maybe a registry key I can delete through the login script?

DVNT1 · September 4th, 2002, 12:07 AM

Yes, Group Policy can be configured for this. Are these W2K or XP machines?

There are some methods through logon script too but you will probably need IEAK to configure a default setting.

Gutter Ball · September 4th, 2002, 09:39 AM

I figured you'd know. These are all Win2K machines.

DVNT1 · September 4th, 2002, 11:19 AM

I probably should ahve asked how are they authenticating but I was assuming via a web form. In that case...

Quote:

To disable password caching:
Start Registry Editor (Regedt32.exe).
Locate and click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings
On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisablePasswordCaching
Data type: REG_DWORD
Radix: Hexadecimal
Value data: 0x00000001
Quit Registry Editor.
You can also disable password caching by using the Microsoft Internet Explorer Administration Kit (IEAK) to create an executable file, and then attach it as an add-on component. When you use this method, Setup adds the DisablePasswordCaching value to the registry during the installation process.

NOTE: In some cases, you can create a custom .adm file to modify this registry key, and then import it into the IEAK Wizard.

To renable password caching, you can either delete the DisablePasswordCaching value, or change the value setting to 0.

Gutter Ball · September 5th, 2002, 12:35 AM

Thanks again! That's what we needed. Now if we can figure out how to stop the packet sniffers from stealing passwords, that'd be great.

DVNT1 · September 5th, 2002, 08:19 AM

Switches would help stop the casual "sniffer" but IPSEC tunnels should take care of it.

You may want to start at http://www.analogx.com/contents/articles/ipsec.htm

and then http://www.labmice.net/networking/IPsec.htm