[Windows] Credentials disappear! ??Introducing the cause and workaround!

Windows

Hello!This time I was in a very difficult situation, so there are cases like this!I would like to introduce an example in the sense that.

When you go to access a shared server etc. on Windows, a password is often set.
At that time, it is troublesome to enter the password every time.
Therefore, I think that it is common practice to memorize credentials and omit input.

If you check the red frame and save the credentials,
You can omit the input from the next access

However, when I did this under certain conditions, this credential disappeared after a reboot.There was a consultation asking me to solve this.It's a disappointing result, but I would like to introduce the survey results.

Occurrence condition

First, start Credential Manager and check the saved credentials.

Click Windows Credentials, then click the button on the far right of the applicable credential.

Then, as shown below, the "Permanent" item may become "Logon session".

If you reboot in this state, your credentials will be lost when you log in.

Cause

The reason why this happens is that the credentials and "Account with the same nameIs also present on the shared server. * It is very easy to express.

Workaround

If the credentials are saved correctly, the "Permanent" item must be "Local Computer" or "Enterprise" as shown below.

To do the above, it must be clearly stated that it is a "shared server account".For example, if the shared server name is "Server" and the user name is "User", then "Shared server name\User nameYou can avoid this by entering it in the format of "" and saving it.

Server & Hosting\User

* Please replace \ with \ depending on the environment.

Another pattern (a case that actually happened in a domain environment)

The above pattern was a problem in the user identification process that occurred in the user name identification with the shared server, but the same situation is possible even in the domain environment.

For example, suppose a domain-joined shared server has a folder shared with a domain user name.

In this case, when accessing the folder from a client terminal that is joined to the same domain, the credentials are stored by specifying another domain in the same network.

The domain that originally participated in the domain is called "DomainAAnd another domain in the same network as ""DomainB"will do.There is a user with the same name in both.

In that state, when the client terminal accesses the shared server, "DomainBI was able to create a "permanent: logon session" state by saving the Windows credentials by specifying "\ domain user name".

in this case"DomainAEither you should specify it correctly as "\ domain user name", or you should have specified it only with "domain user name" because it is in a domain environment in the first place.

I think this is an event that can only occur in a fairly large company, but in the case of a domain moving to a new environment, the user specifies the old domain and "Credentials disappearI think it may lead to complaints such as.

Microsoft's view

This event is caused by duplicate user names in the same environment.
There was an article saying that this behavior is also a specification for Microsoft.

Of course, it can be a security issue, so I personally appreciate it, but I'm honestly skeptical that it seems like it can be saved once in a logon session.When I gave a little warning and said "Cannot save", I thought that it did not surface as a problem.

Afterword

This time, I have introduced the cause and workaround for the case where the credentials are lost.

I think that an environment with duplicate user names is unlikely to occur in a network with a short history.
However, we recognize that there are many companies that have been operating Windows and its networks for a very long time in modern Japan.Therefore, I think there is a good possibility that such duplicate names are not uniquely determined not only for the user but also for the computer name.

I think that it will be more important for engineers who handle Windows not only to have knowledge of the latest OS, but also to have the ability to make inferences in anticipation of dealing with environments with such a history.

I hope it helps you.

Comment

Translate »
I copied the title and URL