credential storage windows xp. Obtaining credentials from third-party programs

Credential Manager is a mechanism that allows you to manage user credentials (login and password) for accessing network resources, as well as certificates and credentials for various applications (e-mail, web services, etc.).

For example, suppose we want to access a folder located on another computer, and the remote computer asks for our credentials. We enter the username and password and check the "Remember credentials" box.

Or, when connecting to a remote desktop, we allow saving credentials so as not to enter them every time.

All credentials saved in this way end up in the so-called Windows Vault, which by default stores all credentials. In fact, the vault is just a more descriptive name for the Credentials folder. For domain users, this folder is located at C:\Users\Username\AppData\Roaming\Microsoft; for local users, at C:\Users\Username\AppData\Local\Microsoft. All files in this folder are, of course, encrypted, and they are accessed through Credential Manager.

You can open it through the Control Panel, or simply by typing Credential Manager in the search bar.

All data in Credential Manager is grouped into three categories:

  • Windows Credentials - usernames and passwords that are used to access shared network folders and websites that use Windows Integrated Authentication, and when connecting to a remote desktop;
  • Certificate-Based Credentials - designed for authentication using smart cards;
  • Generic Credentials - used by third-party applications that require separate authorization with credentials other than those used for logging in. This section can store almost any credential that complies with Microsoft standards.

All credentials can be expanded and viewed in detail, and if desired, edited.
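
The same inventory can be taken from the command line with the built-in cmdkey tool. The script below is an added example, not part of the original article: it parses the text printed by `cmdkey /list` and maps each entry to the three categories above. The sample output is constructed, and the mapping from cmdkey's English "Type" strings to category names is an assumption.

```powershell
# Constructed sample of `cmdkey /list` output (English-language Windows assumed).
$SampleOutput = @'

Currently stored credentials:

    Target: Domain:target=fileserver01
    Type: Domain Password
    User: FILESERVER01\alice

    Target: Domain:target=TERMSRV/rdp01.example.test
    Type: Domain Password
    User: EXAMPLE\alice

    Target: LegacyGeneric:target=contoso.com
    Type: Generic
    User: webuser
    Local machine persistence

    Target: WindowsLive:target=virtualapp/didlogical
    Type: Generic
    User: 02constructedvalue
    Local machine persistence

'@

function ConvertFrom-CmdKeyList {
    # Turns the "Target / Type / User" blocks into one object per stored credential.
    param([string[]]$Lines)

    $entries = New-Object System.Collections.Generic.List[object]
    $current = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^Target:\s*(.+)$') {
            # A new "Target:" line closes the previous entry.
            if ($null -ne $current) { $entries.Add([pscustomobject]$current) }
            $raw = $Matches[1]
            $namespace = ''
            $target = $raw
            # "Domain:target=host" -> namespace "Domain", target "host"
            if ($raw -match '^([^:]+):target=(.+)$') {
                $namespace = $Matches[1]
                $target = $Matches[2]
            }
            $current = [ordered]@{
                Namespace = $namespace; Target = $target; Type = ''; User = ''; Persistence = ''
            }
        }
        elseif ($null -ne $current -and $text -match '^Type:\s*(.+)$') { $current['Type'] = $Matches[1] }
        elseif ($null -ne $current -and $text -match '^User:\s*(.*)$') { $current['User'] = $Matches[1] }
        elseif ($null -ne $current -and $text -match 'persistence$') { $current['Persistence'] = $text }
    }
    if ($null -ne $current) { $entries.Add([pscustomobject]$current) }
    return $entries
}

function Get-CredentialCategory {
    # Assumed mapping of cmdkey type strings to the Credential Manager sections.
    param([string]$Type)
    switch -Regex ($Type) {
        'Certificate' { return 'Certificate-Based Credentials' }
        '^Domain'     { return 'Windows Credentials' }
        '^Generic'    { return 'Generic Credentials' }
        default       { return "Unmapped type: $Type" }
    }
}

# To audit the current user's vault instead of the sample, use: $lines = cmdkey /list
$lines = $SampleOutput -split "`r?`n"

$report = ConvertFrom-CmdKeyList -Lines $lines | ForEach-Object {
    [pscustomobject]@{
        Category = Get-CredentialCategory -Type $_.Type
        Target   = $_.Target
        User     = $_.User
        SavedRdp = $_.Target -like 'TERMSRV/*'   # saved remote desktop logon
    }
}
$report | Sort-Object Category, Target | Format-Table -AutoSize
```

Entries that nobody can account for can be removed in Credential Manager or with `cmdkey /delete:<target>`.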

Credentials can not only be saved during the connection process, but also entered directly in the manager. To do this, select a section and click on the "Add credentials" link. As an example, let's add the credentials to connect to the private website http://contoso.com to the Generic Credentials section.

Now the data is saved in the storage, and when connecting to this resource you do not need to enter it again.

Strictly speaking, websites are a different story. The credential manager is far from responsible for all the data used to access Internet resources. Most of this data is processed and stored within the browser itself. In Internet Explorer, for example, there is a special autocomplete function for this (AutoComplete).

An attempt was made to correct this shortcoming in Windows 8, where the Credential Manager has a separate section titled "Internet Credentials". If you choose to save, for example, a Yandex mail password, it will be saved here. However, this feature only works with Internet Explorer; other browsers do not use it and still store all the data on their own.

Archiving and Restoring

Directly below the Windows Storage icon are two links: Backup Storage and Restore Storage. Thus, the credentials can be backed up in case the storage is deleted or damaged, or transferred from one computer to another.

Data archiving is carried out by a special wizard. The procedure is simple - we indicate where to save the archive (recommended on removable media), then set a password to access it. The password must be set using the Secure Desktop. This is required even if the secure desktop is disabled.

Recovery follows a similar scenario - specify the location of the archive and enter the password, also on Secure Desktop.

Credential Manager is especially handy when you do not have a domain and all permissions to network resources are registered locally. In this case, the credential archive can be used to automate the rights distribution process. However, Credential Manager can also be used in a domain to access external resources. In general, the tool is useful, does not require special settings, and saves the data. True, sometimes individual credentials can suddenly disappear, so the archive is still worth doing.

In the previous part of the article, we discussed methods for creating local user accounts and domain users. In this part, we will talk about managing user accounts using the "User Account Control" component and the "Local Users and Groups" snap-in, as well as about "Credential Manager", a component that allows you to save user credentials.

Managing accounts using the "Manage User Accounts" dialog

As mentioned in the first part, using the dialog box "User Account Management" you can not only create accounts, but also perform simple actions with them, such as:

  • Changing the name;
  • Creating a password;
  • Changing the password;
  • Removing a password;
  • Changing the picture;
  • Setting parental controls;
  • Changing the account type;
  • Deleting an account;
  • Enabling and disabling the guest account.

This section will discuss each of these steps in detail.

Name change

To change the account name, follow these steps:

Create a password

To create a password for a user account, do the following:


Change password

If the user account already has a password, but it needs to be changed, do the following:


You can also use the extended ASCII character set, a system that assigns numeric values to letters, numbers, and other characters, to create strong passwords and passphrases. By using the extended ASCII character set, you can increase the strength of passwords and passphrases. Before using extended ASCII characters to create passwords and passphrases, you should make sure that the extended ASCII characters and phrases are compatible with the applications you use. Be especially careful when using extended ASCII characters in passwords and passphrases.

Removing a password

In the event that the user has a password and does not need this password to work on the computer, perform the following steps:


Change your account picture

In Windows operating systems it is possible to select an image corresponding to the user account, which is displayed in all windows and menus where the user name is displayed. To change the picture for a user account, do the following:


Setting parental controls

In the event that you have children and you use a computer together with them or set up a computer in an institution where children will study on it, you should try to restrict their access to use the contents of the computer, as well as applications installed on the computer. You can set the time intervals during which children can use the computer, as well as determine which games and programs they can use.

When parental controls block access to a game or program, a notification appears that the program has been blocked. The child can click the link in the notification to request permission to access the game or app. You can allow access by entering your account information.

To set up parental control, do the following:


Change account type

After installing the operating system, the created account is by default endowed with administrative rights. This account allows you to set up your computer and install any programs. After you finish setting up your computer for daily work, Microsoft strongly recommends that you use an account that does not have administrative privileges. New user accounts should be created as normal accounts. Using regular accounts is more secure for your computer. To change the account type, do the following:


Deleting an account

If you need to delete a user account, you can do the following:


Enable or disable a guest account

Users who log in to a computer with a guest account receive a temporary profile that is created when the user logs in and is deleted when the user logs out. To enable this account, do the following:


Account operations using the Local Users and Groups snap-in

As discussed in the first part, using the snap-in allows you to restrict the possible actions of users and groups by assigning rights and permissions to them. With this tool, you can do things like:

  • Reset user password;
  • Disabling a user account;
  • Deleting an account;
  • Name change;
  • Assigning login scripts;
  • Home folder assignment.

Reset user password

First of all, do not forget that resetting the password for a local user account can lead to a partial loss of data for this user if he had encrypted data or alternative Internet passwords. To reset a user's password, do the following:

If the password is entered and confirmed correctly, the following dialog will appear, which indicates that the password has been successfully changed:

Disabling or activating

When an account is disabled, the user is prevented from logging on. In the details pane of the "Local Users and Groups" snap-in, a disabled account is displayed with an arrow icon. When the account is activated, the user is again able to log in normally. To disable a user account, follow these steps:

  1. Open the "Local Users and Groups" snap-in;
  2. Open the "Users" node;
  3. Right-click the user account that you want to disable, and then select "Properties" from the context menu;
  4. To disable the selected user account, check the box next to "Deactivate account".

To reactivate the account, uncheck "Deactivate account".

Deleting an account

If it becomes necessary to remove a user account, Microsoft recommends that you disable that account first. If disabling the account caused no errors, it can be safely deleted. Once deleted, the account cannot be restored. To delete an account, do the following:

  1. Open the "Local Users and Groups" snap-in;
  2. Open the "Users" node;
  3. "Delete".

Name change

You don't have to worry about data integrity when changing the username. Because the security identifiers (SIDs) of the accounts are preserved, the renamed account retains all other properties, including description, password, group membership, user profile, account information, and all user permissions and rights. To rename a user account, do the following:

  1. Open the "Local Users and Groups" snap-in;
  2. Open the "Users" node;
  3. Right-click the user account that you want to rename, and then select "Rename" from the context menu.
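
The disable, rename and delete operations described above, and the statement that the SID survives a rename, can be checked from an elevated Windows PowerShell 5.1 session with the Microsoft.PowerShell.LocalAccounts cmdlets. This is an added example, not part of the original article; the account names are hypothetical and the account exists only for the duration of the script.

```powershell
#Requires -RunAsAdministrator
# Demonstration on a throwaway local account; both names are hypothetical.
$Name    = 'cm-demo-user'
$NewName = 'cm-demo-renamed'

function New-ThrowawayPassword {
    # 24 random bytes, Base64-encoded; used only for the temporary account.
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
}

$created   = New-LocalUser -Name $Name -Password (New-ThrowawayPassword) -Description 'Temporary demo account'
$sid       = $created.SID
$sidBefore = $sid.Value

try {
    # Step 1: disable the account (the recommended step before deletion).
    Disable-LocalUser -SID $sid
    $afterDisable = Get-LocalUser -SID $sid

    # Step 2: rename it, then look it up again by its new name.
    Rename-LocalUser -SID $sid -NewName $NewName
    $afterRename = Get-LocalUser -Name $NewName

    # Report what changed and what did not.
    [pscustomobject]@{
        NameBefore          = $Name
        NameAfter           = $afterRename.Name
        SidBefore           = $sidBefore
        SidAfter            = $afterRename.SID.Value
        EnabledAfterDisable = $afterDisable.Enabled
        Description         = $afterRename.Description
    } | Format-List

    if ($afterRename.SID.Value -ne $sidBefore) {
        throw 'SID changed after rename, which contradicts the expected behaviour.'
    }
    if ($afterDisable.Enabled) {
        throw 'Account is still enabled after Disable-LocalUser.'
    }
}
finally {
    # Step 3: delete the account by SID so cleanup works whichever name it has now.
    Remove-LocalUser -SID $sid
}
```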

Assigning a logon script

System administrators can use logon scripts to assign tasks that will automatically run when a user logs on to a specific computer in the system. These scripts use the system environment variables and may also call other scripts or executable programs. Logon scripts are often used to map system drives, run processes in the background and set custom environment variables.

The logon script is executed automatically when a user logs on to a computer running a Windows-family operating system. A script can contain operating system commands, such as commands to map network drives or run programs. Logon scripts also contain environment variables to specify information such as the path to search for files and the directory location for temporary files. Typically, the logon script is a batch file (with the extension .bat or .cmd), but any executable program is also allowed.

Login scripts are optional. They can be used to customize your work environment by making network connections and running programs. Logon scripts are used when you want to affect some settings of the user's work environment without controlling all aspects of it.

Logon scripts hosted on the local computer only apply to users logging in from this local computer. Local logon scripts must be placed in a public folder or a subfolder of a public folder named Netlogon. If this default folder does not exist, you must create it. To specify a logon script located in a subfolder of the Netlogon folder, prefix the file name with the relative path to that folder. For example, to assign the Start.bat logon script saved in \\ComputerName\Netlogon\local user FolderName, enter FolderName\Start.bat in the Logon Script field. To assign a login script to a user account, do the following:

  1. Open the "Local Users and Groups" snap-in;
  2. Open the "Users" node;
  3. Right-click the user account to which you want to assign a logon script, and then select "Properties" from the context menu;
  4. Go to the "Profile" tab and, in the "Login Script" field, specify the name and relative path of the script file.

Assigning a home folder

If no home folder is assigned, the system assigns the user account a default local home folder (in the root folder where the operating system files are installed). To specify a network path for the home folder, you must first create a share and set permissions that allow users to access it. The "Documents" folder is a convenient alternative to home folders, but does not replace them. A "Documents" folder is created on the boot volume for each user. To specify a home folder on a local or network resource, perform the following steps:

  1. Open the "Local Users and Groups" snap-in;
  2. Open the "Users" node;
  3. ,
  4. Right-click the user account whose home folder you want to reassign, and then select "Properties" from the context menu;
  5. Go to the "Profile" tab;
  6. Specify the home folder for the user:
    • To specify a local home folder, enter the path to the folder on the local computer in the "Path" field;
    • To specify a home folder on a network resource, select the "Connect" option, specify a drive letter and select a network share.

Storing User Credentials

Credential Manager is designed to store credentials, such as usernames and passwords, used to sign in to websites or other computers on the network. Storing credentials in Windows allows you to automatically sign in to a website or computer when you connect to it. Credentials are stored on your computer in folders called vaults. Windows and programs (such as web browsers) can securely share credentials in storage with other computers and websites.

Windows Credential Store allows you to store credentials for servers, websites, and other programs so that Windows users can automatically sign in to those resources. Users can store their credentials for Facebook, Twitter, Gmail, Hotmail, and more, so that all computer users can access them automatically.

"Credential Manager" can be opened in the following ways:

  • Click the "Start" button to open the menu, open "Control Panel", then "User Accounts", and click the "Account Administration" link on the left side;
  • Click the "Start" button to open the menu, open "Control Panel" and select "Credential Manager" from the list of control panel components.

The following screenshot shows "Credential Manager":

Adding Windows Credentials

To add new credentials for a resource on the local network or on the Internet to the "Windows Credentials" category, follow the "Add Windows Credentials" link.

In the dialog box in the field "Internet or network address" "Username" in the current dialog, enter the name of the account you are using, and in the field "Password" "OK".

Main window "Credential Manager", in a group "Windows Credentials"

Add certificate-based credentials

In "Credential Manager" it is also possible to store credentials based on certificates. To add certificate-based credentials, follow the "Add certificate-based credentials" link. In the dialog, you can open the local certificate manager to view existing certificates and export one to a smart card.

To open the certificate snap-in, follow the link "Open Certificate Manager".

From this snap-in, you can export any available certificate to a smart card to add certificate-based credentials.

After the certificate is exported, in the "Enter a website address or network location and select a certificate" dialog, enter the address in the "Internet or network address" field and click the "Certificate Selection" button. If no smart card is inserted, the following dialog will appear.

After inserting the smart card and selecting the certificate, click the "OK" button in the "Enter a website address or network location and select a certificate" dialog.

Vault archiving

With "Credential Manager" you can archive your data. To archive your credentials, follow the "Archiving storage" link in the dialog box.

The wizard prompts you to specify a folder in which to save the archived data. To specify the folder where you want to save the backup copy of the credentials, click the "Browse" button.

In the "Save as" dialog that appears, select the folder where the file is to be saved. If you want to save the file in a new folder, you can create it directly from this dialog using the context menu or the "New folder" button on the action bar. In the "File name" field, enter a name and click the "Save" button.

After the folder for saving the archive is specified, the wizard will offer to switch to the secure desktop to continue archiving credentials. To do this, use the key combination Ctrl+Alt+Delete.

After switching to the secure desktop, you must specify a password for the archive. In the "Protect the archive file with a password" dialog, enter the password for this account, then repeat it in the "Confirmation" field and click the "Next" button.

After data archiving completes, in the last dialog of the wizard you only need to click the "Finish" button. After you click this button, the system switches from the secure desktop back to the user desktop.

Storage recovery

To restore credentials from storage, in the "Store credentials for automatic login" dialog follow the "Restore storage" link to open the wizard.

Immediately after you click the link, the "Save usernames and passwords" dialog opens, where the wizard prompts you to specify the folder containing the file from which to restore the archived data. To specify the folder that contains the backup copy of the credentials, click the "Browse" button.

In the "Open" dialog box, move through the directory tree and open the folder containing the desired file. After the desired archive is found, select it by clicking it with the left mouse button, which places its name in the file name field, and click the "Open" button.

The wizard will prompt you to switch to the secure desktop to continue recovering your credentials. To do this, use the key combination Ctrl+Alt+Delete.

On the secure desktop, in the first dialog, the wizard prompts you to enter a password for the archive file. In the "Password" field, enter the password that was entered when creating the archive. Then click the "Next" button.

If an error was made when entering the password, the wizard will display an error dialog, where you will be prompted to enter the correct password for the archive again.

If the correct password was entered, the wizard will immediately begin to restore the archived credentials. After recovery, click the "Finish" button to switch from the secure desktop back to the user desktop.

Adding Generic Credentials

Credential Manager also allows you to add so-called generic credentials. To add generic credentials, in the "Generic Credentials" group follow the "Add Generic Credentials" link.

In the "Enter website address or network location and credentials" dialog box, in the "Internet or network address" field, enter the host address or computer name on the local network. In the "Username" field, enter the name of the account you are using, and in the "Password" field, your password on the resource for which we are adding credentials. Next, click the "OK" button.

In the main "Credential Manager" window, in the "Generic Credentials" group, the data that we entered in the previous dialog will be displayed.

Conclusion

This part of the article explains how to manage user accounts using User Account Control and the Local Users and Groups snap-in: changing the name, creating a password, changing the password, removing the password, changing the user account picture, setting parental controls, changing the account type, deleting the account, changing the location of home directories, enabling and disabling the guest account, and more. It also describes the principle of operation of "Credential Manager", a component that allows you to save user credentials.

I bet almost none of you have heard of Credential Manager, let alone what it is and how to use it. However, until recently, the purpose of this tool remained a mystery to me, although I knew about its existence. In this article, I will tell you everything I know about it and how to use it.

What is Credential Manager?

A "credential manager" is a "digital safe" where Windows stores credentials (usernames, passwords, etc.) for other computers on the network, servers, or websites. This data is used both by the operating system and by applications that know how to use it, for example: the tools included in Windows Live Essentials, Microsoft Office, or applications for running virtual machines.

Credentials are divided into three categories:

  • "Windows Credentials" – used only by Windows and its services. For example, Windows can use this data to automatically log in to shared folders on another computer on your network, or to store the password of the homegroup you are a member of. The user can change or delete such credentials, but we will cover this in later sections of this article.
  • "Certificate-Based Credentials" – used together with smart cards, mainly in complex networked business environments. Most of you will never need to use these credentials and this section will be empty on your computers, but if you want to know more about them, read from Microsoft.
  • "Generic Credentials" – used by some programs to obtain permission to use certain resources. The most commonly used generic credential is , which is used by programs included in the Windows Live Security Essentials package.

All of these credentials are automatically stored and managed by Windows and the applications you use. To view the credentials stored on the computer, or to delete or edit some of them, use Credential Manager.

Important: Windows 8 added another type of credential called "Internet Credentials". As the name suggests, this data is used by the Internet Explorer browser to automatically authorize you on certain websites.

"Internet Credentials" are created and deleted through Internet Explorer's built-in password management features. You will not be able to create this data through the "Credential Manager" - you can only view the existing ones and delete them.

How to open Credential Manager?

One way to open Credential Manager is to open Control Panel, then go to User Accounts and Family Safety, then select Credential Manager.

Most Common Credentials

On most Windows 7 and Windows 8 computers, you will see basically the same credentials. Among the most common:

  • Details for signing into a homegroup – the username (HomeGroupUser$) is stored here with a password to access the homegroup.
  • virtualapp/didlogical – Very little is known about these credentials. Some say they are used by the virtualization features included with Windows 7 and Windows 8.
  • windows live – Windows Live ID login information.

Adding credentials

The process of adding credentials is very simple. First, decide on the credential type. Which of the three do you need?

Let's say you want to add "Windows Credentials" so that you can open folders on another computer.

Next, you need to enter the required login information. First enter the IP address or computer name. Next, enter the username that will be used to log in. By the way, don't forget to enter the computer name before the username, as shown in the screenshot below. Now enter the password and click OK.

The credentials are stored and will be used automatically each time you access this computer on your network.

Remove Credentials

To delete credentials, first find them and expand them by clicking on their name or on the arrow on the right.

You will be asked to confirm the deletion. Click on the "Yes" button.

The credentials have been removed and will no longer be used.

Editing existing credentials

To change the details of an existing credential, just as you did with deletion, locate and expand it. Next, click "Edit".

After editing, do not forget to click on the "Save" button for the changes to take effect.

Conclusion

As you can see, "Credential Manager" plays an important role on your computer. The only thing is that I have not yet figured out how well this data is encrypted, so I will continue to study this tool and write at least one more article about it.

Have a great day!


