RE: Disabling Internet Explorer "Save my password" checkbox for http authentication
From: Mike Anderson (secure_at_spoofedpackets.net)
Date: 09/22/03
- Previous message: Tumarinson, Max: "RE: Disabling Internet Explorer "Save my password" checkbox for http authentication"
- In reply to: Tumarinson, Max: "RE: Disabling Internet Explorer "Save my password" checkbox for http authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Tumarinson, Max'" <MaxTumarinson@AmalgamatedBank.com>, <focus-ms@securityfocus.com> Date: Mon, 22 Sep 2003 17:34:17 -0400
Max,
There is another way using group policies in active directory.
You can go under user configuration/administrative templates/windows
components/internet explorer down near the bottom is "Do not allow
autocomplete to save passwords" simply enable this and it should work.
Please see the paste below of the explanation of what this policy does.
Disables automatic completion of user names and passwords in forms on
Web pages, and prevents users from being prompted to save passwords.
If you enable this policy, the User Names and Passwords on Forms and
Prompt Me to Save Passwords check boxes appear dimmed. To display these
check boxes, users open the Internet Options dialog box, click the
Content tab, and then click the AutoComplete button.
If you disable this policy or don't configure it, users can determine
whether Internet Explorer automatically completes user names and
passwords on forms and prompts them to save passwords.
The "Disable the Content page" policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), which removes the Content tab from
Internet Explorer in Control Panel, takes precedence over this policy.
If it is enabled, this policy is ignored.
Let us know if this works out for you!
Mike Anderson
-----Original Message-----
From: Tumarinson, Max [mailto:MaxTumarinson@AmalgamatedBank.com]
Sent: Monday, September 22, 2003 1:51 PM
To: focus-ms@securityfocus.com
Subject: RE: Disabling Internet Explorer "Save my password" checkbox for
http authentication
Take a look at this microsoft article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;229940
-----Original Message-----
From: Anthony DiPasquale [mailto:agdrcc@ritvax.isc.rit.edu]
Sent: Friday, September 19, 2003 2:38 PM
To: focus-ms@securityfocus.com
Subject: Disabling Internet Explorer "Save my password" checkbox for
http authentication
Greetings,
I maintain several "public" computers that are configured with group
policy to allow a user to log on with a generic account and the Windows
shell is replaced by Internet Explorer running in kiosk mode, so they
basically get a full screen web browser pointed at a particular
website. (Windows XP Pro running IE6 latest with all patches on a Win2k
AD environment). This site requires http authentication, so an http
authentication window pops up stating the realm and asking for
username/password, and has a checkbox below to save this username and
password combination. Unfortunately it seems some of our users lack
the common sense to realize they are using a public terminal that
always goes to the same website where sensitive information is kept and
check this box off. The next person to come along and log in to the
machine is then prompted for the http authentication username/password
combination and are greeted with some other user's information
conveniently filled out for them. Is there a way to disable this
checkbox, or perhaps clear the stored information some how at logout?
It seems that turning off AutoComplete including the save passwords
option does not affect the http authentication dialog, and I've also
tried to disable userdata persistence and set user authentication to
"prompt for username and password" in the IE security options, but
neither of these seem to help me.
Any suggestions? Any idea where this information is stored on the
system so that it can at least be cleared at logout? It is common
practice for users to log off the machine after using the kiosk mode
because the website they visit actually enables an account for them to
re-logon to the system and use it as a regular workstation, so this
would be a viable option.
Thanks in advance!
-Anthony
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- ************************************************************************ ******************** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail or its attachments. Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Amalgamated Bank therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. ************************************************************************ ******************** ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Tumarinson, Max: "RE: Disabling Internet Explorer "Save my password" checkbox for http authentication"
- In reply to: Tumarinson, Max: "RE: Disabling Internet Explorer "Save my password" checkbox for http authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
