+18
Pending Review
Automatically clear saved credentials
For security we would like the ability to enable a feature that would automatically clear stored credentials when we disconnect from a session.
Customer support service by UserEcho
i would like the ability to set when the credential clears. lowest option would be on disconnect and then up to x days.
I actually assumed this was the way it worked. I was quite surprised that it kept the credentials after the host disconnected. This is a security concern for me. I would like the ability to have those deleted either after a host session is disconnected, or after a certain period of time.
I'm very surprised to find that there (still 3 years later) isn't even a measure of control over removal of these credentials. There should be an option to clear credentials on disconnect as well as a setting to clear all credentials globally after a certain period of time.
Use cases:
I understand that the engineer can prompt for credentials again and then store blank credentials before disconnecting. However, that is a grossly inadequate method of handling a potential security hole.
I agree, these should auto clear when a engineer disconnects. Also, the stored credentials should only be for the user who requested them, they should not be available to all users that connect to the same machine!
Has there been any movement on this request...other techs shouldn't be able to use my stored credentials or should be cleared from machine after 4 -8 hours
This functionality would be very helpful - to clear the credentials after disconnect an access session.
This should be a no-brainer - saving credentials should be a temporary thing.
I would also suggest an option to make a change (either change the registry value or use group/local policy) to the machine you are saving credentials for, to ENABLE "DO NOT DISPLAY THE PASSWORD REVEAL BUTTON"
In group policy, this is located here:
COMPUTER CONFIGURATION > POLICIES > ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > CREDENTIAL USER INTERFACE > DO NOT DISPLAY THE PASSWORD REVEAL BUTTON
I have enabled this on all local and client machines, but even in my local environment... I want my techs to be able to connect and login using saved credentials, but do not want them to be able to see the password!