Microsoft

Manage network logon credentials in Microsoft Windows

Greg Shultz introduces you to the Windows 7's Credential Manager, explains how it works, and compares it to Stored User Names and Passwords.

As you may know, Microsoft Windows 7 provides a new and improved version of a tool that also appeared in Windows Vista and Windows XP and is designed for managing network-based logon credentials (i.e. user names and passwords) from sources that adhere to Microsoft credential management standards. The Windows 7 tool is called Credential Manager and is more advanced than the simplistic tool called Stored User Names and Passwords that came with Windows Vista and Windows XP.

With credentials stored in these tools, you will be able to automatically log on to a server/site without first being prompted to provide a user name and password. For example, Windows 7's Credential Manager can store credentials and automatically log you in to Windows Live services such as Hotmail and SkyDrive, Microsoft Office services such as Outlook Web Access for Exchange Server as well as Windows servers and Remote Desktop connections.

In this Windows Desktop Report blog post, I'll introduce you to the Windows 7's Credential Manager and explain how it works. I'll also briefly examine the Stored User Names and Passwords tools in Windows Vista and Windows XP for comparison purposes.

This blog post is also available in PDF format in a free TechRepublic download.

Access the Credential Manager

You can quickly access the Credential Manager in Windows 7 by clicking the Start button and typing Credential in the Start Search dialog box. As soon as you do, you'll see Credential Manager appear in the results panel, as shown in Figure A.

Figure A

You'll see Credential Manager appear in the results panel.
Alternatively, you can find the Credential Manager in the User Accounts and Family Safety section of the Control Panel, as shown in Figure B.

Figure B

Credential Manager can be found in the User Accounts and Family Safety section of the Control Panel.
Either way, when you launch the Credential Manager, you'll see its window, as shown in Figure C.

Figure C

Credential Manager is very user-friendly.

Windows Vault

As you can see by the icon near the top of the window, the default storage location for the credentials is called Windows Vault. This is just a generic name for the hidden Credentials folder on your hard drive. If you are connected to a domain, this folder is in the path C:\Users\UserName\AppData\Roaming\Microsoft. If you are using peer-to-peer network, the folder is in the path C:\Users\UserName\AppData\Local\Microsoft. As you might imagine, the files in the Vault/Credentials folder are encrypted.

Backup and Restore the Windows Vault

Beneath the Windows Vault icon, you'll see links to the Back Up Vault and Restore Vault operations. In addition to having a backup in case of accidental deletion or corruptions, this feature makes it easy to transfer a user's credentials from one system to another.

When you click Back Up Vault Link, you'll encounter a wizard that walks you through a process, as shown in Figure D, that includes accessing the Secure Desktop via CTRL+ALT+DELETE where you are prompted to password-protect your credential backup file.

Figure D

During the backup process, you'll enter the Secure Desktop and add a password to the credential backup file.
During the Restore process, shown in Figure E, you need to access the Secure Desktop to enter the password before you can restore the credential backup file.

Figure E

Before you can restore the credential backup file, you'll need to access the Secure Desktop to enter the password.

(Keep in mind that even if you have disabled the Secure Desktop, you'll still encounter the Secure Desktop while backing up and restoring the credential backup file.)

Credential types

The Credential Manager separates the types of credentials that it stores into three categories: Windows Credentials, Certificate-Based Credentials, and Generic Credentials.

  • Windows Credentials are user names and passwords used to log on to Windows-based network shares, Web sites that use Windows Integrated Authentication, and Remote Desktop/Terminal Server Connections.
  • Certificate-Based Credentials are for smart cards and other similar devices.
  • Generic Credentials are for third-party applications that manage authorization separate from the credentials of the currently logged-on user. (Almost any credentials that adhere to the Microsoft standard can be stored in the Generic Credentials category.)

Keep in mind that Credential Manager is not used to store all types of credentials used for connecting to Web sites. For example, most Web site credentials in Internet Explorer are handled by the AutoComplete feature.

Adding/Editing credentials

In many cases, credentials are automatically added to Credential Manager. For example, when you set up a Remote Desktop Connection and select the Allow Me to Save Credentials check box, as shown in Figure F, the user name and password will be saved in the Windows Vault.

Figure F

When you select the Allow Me to Save Credentials check box in Remote Desktop Connection, credentials are automatically added to Credential Manager.
You can add credentials manually by clicking the Add Link in any of the categories and filling in the required fields in the dialog box. For example, if you click Add a Windows Credential to set up a Remote Desktop Connection, you'll fill in the Add a Windows Credential window, as shown in Figure G. As you can see, I opted to enter the computer name in the first text box, but I could have just as easily used the computer's IP address instead.

Figure G

You can manually add credentials by clicking Add Link in any of the categories and filling in the required fields in the dialog box.
Once you have credentials set up, you can view them by clicking the adjacent arrow button, as shown in Figure H. Once you reveal the credential, you can edit the entry by clicking the Edit link or delete the entry by clicking the Remove from Vault link.

Figure H

Once you have credentials set up, you can view them by clicking the adjacent arrow button.

Credentials for developers

If you are a developer, you can learn how to take advantage of the Credentials Management application programming interface (API) in Windows 7 by investigating the Credentials Management resource on the MSDN site.

Stored User Names and Passwords

The Stored User Names and Passwords tool in Windows Vista and Windows XP works similarly to the Windows 7 version. Credentials can be added automatically or manually, and once in place they will allow you to automatically log on to a server/site without first being prompted to provide a user name and password.

The Stored User Names and Passwords tool can be launched by pressing [Windows]+R to access the Run dialog box and then typing control userpasswords2 in the Open text box. In Vista, you will need to work through a UAC before you get to the User Accounts dialog box. In XP, you'll immediately see the User Accounts dialog box. In the User Accounts dialog box, you'll select the Advanced tab. From the Advanced tab, you'll click the Manage Passwords button.

As you can see in Figure I, the Windows Vista version allows you to back up and restore the credentials as well as add, remove, and edit credentials.

Figure I

The Windows Vista version also allows you to back up and restore the credentials.
The Windows XP version of the Stored User Names and Passwords tool, shown in Figure J, allows you to add, remove, and edit (via Properties) credentials.

Figure J

The Windows XP version of the Stored User Names and Passwords tool doesn't have backup or restore capabilities.

What's your take?

Have you investigated the Credential Manager in Windows 7? Have you used the Stored User Names and Passwords tool in Vista or XP? What has been your experience with these tools? Do you find them advantageous? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.

Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

Editor's Picks