This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] describes how [credentials] are formed in [Microsoft Windows] and how the operating system manages them. It is part of the [Windows Client Authentication Architecture].
!! Cached [Credentials]
Windows logon cached password verifiers __CANNOT__ be presented to another computer for [authentication]; they can only be used to verify a credential locally.
[{$pagename}] are stored in the [Security Account Manager] ([SAM]) in the registry on the local computer and provide [credentials] validation when a domain-joined computer __CANNOT__ connect to [Microsoft Active Directory] during a user’s logon.
!! Stored [Credentials]
The following sections describe where [credentials] are stored in [Windows Client] [operating Systems]. Windows credentials are composed of a combination of an account name and the authenticator. These are stored and retrieved from the following locations depending on the status of the user’s session, which might be active or inactive, and local or networked.
* [Security Account Manager] ([SAM])
* [Local Security Authority Subsystem Service] ([LSASS])
* [Local Security Authority] ([LSA])
* [Microsoft Active Directory]
!! Credential Manager store
Users may choose to save passwords in Windows by using an application or through the Credential Manager Control Panel applet. These credentials are stored on the hard disk drive and protected by using the Data Protection Application Programming Interface (DPAPI). Any program running as that user will be able to access credentials in this store.
Credential Manager can obtain its information in two ways:
* __Explicit creation.__ When users enter a user name and password for a target computer or domain, that information is stored and used when the users attempt to log on to an appropriate computer. If no stored information is available and users supply a user name and password, they can save the information. If the user decides to save the information, Credential Manager receives and stores it.
* __System population.__ When the operating system attempts to connect to a new computer on the network, it supplies the current user name and password to the computer. If this is not sufficient to provide access, Credential Manager attempts to supply the necessary user name and password. All stored user names and passwords are examined, from most specific to least specific as appropriate to the resource, and the connection is attempted in the order of those user names and passwords. Because user names and passwords are read and applied in order, from most to least specific, no more than one user name and password can be stored for each individual target or domain.
Credential Manager uses the Credential Locker, formerly known as Windows Vault, for secure storage of user names and passwords.
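The most-specific-first lookup described under system population can be modelled as follows. This is an added example, not Windows code or part of the source article; it assumes three target forms (exact host name, {{*.suffix}} wildcard, and {{*}}), and every host and account name in it is constructed.

```python
# Simplified model of Credential Manager's most-specific-first lookup.
# Assumption: three target forms (exact host, "*.suffix" wildcard, "*").
# All names here are hypothetical; no secrets are stored in the model.

class CredentialStore:
    def __init__(self):
        self._by_target = {}  # target name -> user name

    def save(self, target, username):
        """Store a credential; return the user name it replaced, if any.

        One entry per target: saving again for the same target overwrites.
        """
        key = target.lower()
        replaced = self._by_target.get(key)
        self._by_target[key] = username
        return replaced

    @staticmethod
    def candidates(host):
        """Target names that could match host, most to least specific."""
        host = host.lower()
        labels = host.split(".")
        names = [host]
        # Each parent DNS suffix as a wildcard, longest suffix first.
        for i in range(1, len(labels)):
            names.append("*." + ".".join(labels[i:]))
        names.append("*")
        return names

    def resolve(self, host):
        """Return (target, username) pairs in the order they would be tried."""
        return [(t, self._by_target[t]) for t in self.candidates(host)
                if t in self._by_target]

    def audit(self):
        """List wildcard entries, which are offered to more than one host."""
        return sorted(t for t in self._by_target if t.startswith("*"))
```

When reviewing a user's saved credentials, the entries returned by {{audit()}} deserve the closest look, because a wildcard target is tried against every host it matches.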
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Cached and Stored Credentials Technical Overview|https://technet.microsoft.com/en-us/library/hh994565(v=ws.10).aspx/|target='_blank'] - based on information obtained 2016-06-12