Windows XP won't remember usernames

O

Oliver Carr

I've come across the following weird behaviour:
I have two Windows XP Pro machines. Both are joined to the
same domain, both have the same security settings (via Sec
Conf & Analysis) and GPOs. Both have the setting "Network
access: Do not allow storage of credentials..." set to
enabled.
When starting an application via "Run As...", one of these
machines populates the drop-down list for the username
with those accounts which have been used before, and one
does not.
Does anyone know where I can configure this behaviour? I'd
like to be able to configure this the same on all machines.

TIA

Oliver
 
R

Rebecca Chen [MSFT]

Hi Oliver,

What kind of application?

Have you enabled this policy in the client local policy? Please open the
local policy by keying in "gpedit.msc" in XP and enable this policy restart
the machine to test this issue.

The responding registry key of this policy is as follow, you may check the
key to make sure the policy is applied:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\

Value Name: disabledomaincreds
Value Type: REG_DWORD
Values: 0 = allow domain credentials to be stored
1 = do not store domain credentials

You may also use a new account to logon the problematic machine to test
this issue.

Any update, let us get in touch!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
O

Oliver Carr

Hi Rebecca,

thanks for the swift repsonse. Answers and comments inline.
-----Original Message-----
Hi Oliver,

What kind of application?

This is independent of the application. The differing
behaviour occurs in the "The following user: / Username:"
drop-down field in the "Run As"-Window after selcting "Run
As..." from the context menu of the application link (i.e.
right mouse button in the Start Menu).
The responding registry key of this policy is as follow, you may check the
key to make sure the policy is applied:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\

Value Name: disabledomaincreds
Value Type: REG_DWORD
Values: 0 = allow domain credentials to be stored
1 = do not store domain credentials

Both local polices and GPOs are the same on both machines.
I've checked the LSA-key on both machines, and they are
identical (apart from the LsaPid, but that is to be
expected).

I'm pretty stumped at the moment. Do you have any ideas?

TIA,

Oliver
 
R

Rebecca Chen [MSFT]

Hi Oliver,

I would like to confirm my understanding is that when your concern is Run
as will keep the last username you have used. Do you mean another machine,
in "the following user" shows nothings in Run as?


Technically speaking, Run as doesn't remember previously used names. It
lists only usernames explicitly listed in the BUILTIN\Administrators group,
as well as Client Authentication certificates in the current user's
Personal cert store, including smart cards. (You can run certmgr.msc to see
your certifications).

I suggest you use the following steps to isolate this issue:
1. Bring up the Services window by input "services.msc" in run box and find
the service called "Protected Storage", set the service to manual and
disable the service.

2. Please check the following key:


HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider

Under the Protected Storage System Provider folder there will be subfolders
for the User profiles that are on this system. For example, you may see a
Default folder, a Local Machine folder and/or a username folder. If
the user has User Profiles turned on, select the username folder that
matches the customer's login name and export that key. After
exporting the key for safe keeping, highlight that username folder,
right-click on it and select Delete from the pop-up menu.

3. Exit the registry editor and reboot the system.

Any update, let us get in touch!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
O

Oliver Carr

Hi Rebecca,

of course!!! Silly me... totally forgot about that.

The one box is a dev-machine, which has a number of
members in the local admins group, and the other is a
production machine which doesn't.

Thanks for pointing that out. Everything appears in a much
clearer light now.

Oliver
 
R

Rebecca Chen [MSFT]

Hi Oliver,

You are welcome! :)


Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Oliver Carr" <[email protected]>
Sender: "Oliver Carr" <[email protected]>
References: <[email protected]>
<[email protected]>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top