Microsoft KB Archive/281660

= Behavior of stored user names and passwords =

Article ID: 281660

Article Last Modified on 7/11/2006

-

APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional

-



This article was previously published under Q281660





SUMMARY
Windows XP introduces a new behavior which makes it easier to access resources that require credentials other than the logged-on user's credentials. This article describes the functionality and expected behavior of Stored User Names and Passwords.



MORE INFORMATION
Stored User Names and Passwords is a mechanism that dynamically and manually creates credential sets (a user name and password) for resources. This functionality is available from the graphical user interface (GUI) and from the command line. The types of credentials that you can manage with Stored User Names and Passwords are:
 * User names and passwords
 * X.509 certificates (smart cards)
 * Passports

Note: Windows XP Home Edition stores only Remote Access Services/Virtual Private Networking and Passport credentials. If you use a restricted user account to log on the computer, follow these steps:
 * 1) Click Start, click Run, type Control Userpasswords2, and then press ENTER.
 * 2) Click the Advanced tab, and then click Manage Passwords.

The most common scenarios for using Stored User Names and Passwords is when a user attempts to access one of the following:
 * Resources in an untrusted domain
 * Resources with alternative credentials
 * A Web site with a password
 * A Web site with a certificate

To access these credentials in Control Panel:
 * Windows XP Home Edition or Windows XP Professional in a workgroup:

In the User Accounts tool, select the logged-on user account.
 * Windows XP Professional in a domain:

In the User Accounts tool, on the Advanced tab, click Manage Passwords.

In Stored User Names and Passwords, keys are created dynamically and manually.

DYNAMIC keys are created in the following way:
 * 1) A user attempts to connect to \\ \.
 * 2) The user's logon credentials are attempted. If these do not gain access, Stored User Names and Passwords prompts.
 * 3) Credentials are put in Stored User Names and Passwords after it successfully connects, or if Cancel is clicked on a returned error message.

The following options are available for the Stored User Names and Passwords prompt:
 * Username
 * Password
 * Remember my password

MANUAL Keys are created in the following way:
 * 1) Start the Stored User Names and Passwords tool in Control Panel.
 * 2) Click Add.
 * 3) Type the appropriate information in the boxes:
 * 4) * Server: Use the hostname, FQDN, wildcards, and so forth.
 * 5) * User Name: Domain\Username; Machine\Username; UPN.
 * 6) * Password: Type the password.

Stored User Names and Passwords connection objects (keys) can be created manually to various entities:
 * specific resource: . . .com
 * less specific set of resources: *. . .com (all resources in . .com)
 * very general set of resources: *. .com (all resources in .com)

If there are multiple credentials that can apply to a target resource, Stored User Names and Passwords in Windows XP SP1 and later uses the most specific credential. For example, a user attempts to connect to \\, which is. . .com. The user may have credentials for the server, *. . .com, and *. .com. In this scenario, the most specific credential applicable is for the server itself, so that is the one used. For more information about Stored User Names and Passwords, click the following article number to view the article in the Microsoft Knowledge Base:

281249 Stored user names and password credentials are stored for the lifetime of the logon session

Additional query words: CredMan Credential Manager Windows Keyring SUN&P credentials

Keywords: kbinfo KB281660

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.