archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/base/keymgr/keymgr_component_descriptio...

51 lines
3.1 KiB
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML DIR="LTR"><HEAD>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<TITLE>Keyring Component Description</TITLE>
<style type="text/css">@import url(td.css);</style></HEAD>
<BODY TOPMARGIN="0">
<H1><A NAME="_keyring_component_description"></A><SUP></SUP>Keyring Component Description</H1>
<P>Microsoft Windows NT provides a single sign-on experience for users by allowing network providers to take a user’s credentials at login and authenticate the user to other targets. This approach might not be sufficient in every case, for example, if a user connects to an untrusted domain or uses alternate credentials to access a specific resource. Windows XP addresses this problem through the Windows Stored User Names and Passwords component, sometimes referred to as Key Manager or Keyring. This component provides credential storage and management functionality. </P>
<P>The Store User Names and Passwords component provides the user with a secure roamable store for credentials. Roamable implies that if the user is part of a domain with roaming profiles the credentials can be saved as part of that roaming profile. This mechanism enables users to use the Stored User Names and Passwords feature anywhere they can access their profiles. </P>
<H1>Configuring the Component</H1>
<P>This component requires no configuration.</P>
<P>The Credential Manager uses two registry values to control per-machine policy. </P>
<P>The following table shows the registry values under the <code class="ce">HKLM\System\CurrentControlSet\Control\Lsa</code> registry key:</P>
<P class="fineprint"></P>
<TABLE>
<TR VALIGN="top">
<TH width=29%>Registry Value</TH>
<TH width=22%>Type</TH>
<TH width=49%>Description</TH>
</TR>
<TR VALIGN="top">
<TD width=29%><B>TargetInfoCacheSize</B></TD>
<TD width=22%><B>REG_DWORD</B></TD>
<TD width=49%>Specifies the number of entries in the target information cache. The credential manager manages a per-logon session cache of mappings from target name to target info. The <B>CredGetTargetInfo</B> function obtains its information from the cache. If this value is set too small, other applications running under the logon session can flush a cache entry (by adding their own) before a cache entry can be used. If this value is set too large, an excessive amount of memory will be consumed. The default value is 1000 entries. The minimum value is 1.</TD>
</TR>
<TR VALIGN="top">
<TD width=29%><B>DisableDomainCreds</B></TD>
<TD width=22%><B>REG_DWORD</B></TD>
<TD width=49%>Specifies whether domain credentials CRED_TYPE_DOMAIN_* may be read or written on this machine. If this value is set to 0, domain credentials function normally. If this value is set to 1, domain credentials cannot be written (a STATUS_NO_SUCH_LOGON_SESSION error message is returned to any API that attempts to write such a credential) or read (any such credential is silently ignored).</TD>
</TR>
</TABLE><BR>
<P class="fineprint"></P>
<H1>For More Information</H1>
<P>Additional information about this component can be found in the product online Help.</P>
</BODY>
</HTML>