Automatically clear saved credentials
For security we would like the ability to enable a feature that would automatically clear stored credentials when we disconnect from a session.
Welcome to our community!
Replies 9
I actually assumed this was the way it worked. I was quite surprised that it kept the credentials after the host disconnected. This is a security concern for me. I would like the ability to have those deleted either after a host session is disconnected, or after a certain period of time.
I'm very surprised to find that there (still 3 years later) isn't even a measure of control over removal of these credentials. There should be an option to clear credentials on disconnect as well as a setting to clear all credentials globally after a certain period of time.
Use cases:
- Senior engineers working on a system during multiple sessions throughout a day. These credentials should persist between sessions and be made available as defined by their senior engineer role. The global setting, perhaps 4 hours, would then clear any credentials that are still stored/available.
- Level 1 engineers working on email/printing issues while a user is at lunch. These credentials should be cleared upon disconnect as defined by level 1 engineer's role.
I understand that the engineer can prompt for credentials again and then store blank credentials before disconnecting. However, that is a grossly inadequate method of handling a potential security hole.
Has there been any movement on this request...other techs shouldn't be able to use my stored credentials or should be cleared from machine after 4 -8 hours
This functionality would be very helpful - to clear the credentials after disconnect an access session.
I would also suggest an option to make a change (either change the registry value or use group/local policy) to the machine you are saving credentials for, to ENABLE "DO NOT DISPLAY THE PASSWORD REVEAL BUTTON"
In group policy, this is located here:
COMPUTER CONFIGURATION > POLICIES > ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > CREDENTIAL USER INTERFACE > DO NOT DISPLAY THE PASSWORD REVEAL BUTTON
I have enabled this on all local and client machines, but even in my local environment... I want my techs to be able to connect and login using saved credentials, but do not want them to be able to see the password!
i would like the ability to set when the credential clears. lowest option would be on disconnect and then up to x days.