RE: Disabling Internet Explorer "Save my password" checkbox for http authentication

From: Tumarinson, Max (MaxTumarinson_at_AmalgamatedBank.com)
Date: 09/22/03

  • Next message: Mike Anderson: "RE: Disabling Internet Explorer "Save my password" checkbox for http authentication" 
    Date: Mon, 22 Sep 2003 13:51:15 -0400
To: <focus-ms@securityfocus.com>

    Take a look at this microsoft article
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;229940
    -----Original Message-----
    From: Anthony DiPasquale [mailto:agdrcc@ritvax.isc.rit.edu]
    Sent: Friday, September 19, 2003 2:38 PM
    To: focus-ms@securityfocus.com
    Subject: Disabling Internet Explorer "Save my password" checkbox for
    http authentication

    Greetings,

    I maintain several "public" computers that are configured with group
    policy to allow a user to log on with a generic account and the Windows
    shell is replaced by Internet Explorer running in kiosk mode, so they
    basically get a full screen web browser pointed at a particular
    website. (Windows XP Pro running IE6 latest with all patches on a Win2k
    AD environment). This site requires http authentication, so an http
    authentication window pops up stating the realm and asking for
    username/password, and has a checkbox below to save this username and
    password combination. Unfortunately it seems some of our users lack
    the common sense to realize they are using a public terminal that
    always goes to the same website where sensitive information is kept and
    check this box off. The next person to come along and log in to the
    machine is then prompted for the http authentication username/password
    combination and are greeted with some other user's information
    conveniently filled out for them. Is there a way to disable this
    checkbox, or perhaps clear the stored information some how at logout?
    It seems that turning off AutoComplete including the save passwords
    option does not affect the http authentication dialog, and I've also
    tried to disable userdata persistence and set user authentication to
    "prompt for username and password" in the IE security options, but
    neither of these seem to help me.

    Any suggestions? Any idea where this information is stored on the
    system so that it can at least be cleared at logout? It is common
    practice for users to log off the machine after using the kiosk mode
    because the website they visit actually enables an account for them to
    re-logon to the system and use it as a regular workstation, so this
    would be a viable option.

    Thanks in advance!

    -Anthony

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ********************************************************************************************
    This message contains confidential information and is intended only
    for the individual named. If you are not the named addressee you
    should not disseminate, distribute or copy this e-mail or its attachments.
    Please notify the sender immediately by e-mail if you have received this
    e-mail in error and delete this e-mail from your system.

    E-mail transmission cannot be guaranteed to be secure or error-free
    as information could be intercepted, corrupted, lost, destroyed,
    arrive late or incomplete, or contain viruses. Amalgamated Bank therefore
    does not accept liability for any errors or omissions in the contents of
    this message which arise as a result of e-mail transmission. If
    verification is required please request a hard-copy version.
    ********************************************************************************************

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Mike Anderson: "RE: Disabling Internet Explorer "Save my password" checkbox for http authentication"

    Relevant Pages