Home > Uncategorized > Prevent Lync from Auto Saving of Credentials, (e.g. multi-user pc)

Prevent Lync from Auto Saving of Credentials, (e.g. multi-user pc)

I have a customer who has computers that are used with a common AD logon by multiple people. For example, a central area that a pc has a logon but that several different people might run a Lync client under the same logon profile.

The issue and scenario that might be considered problematic is: 
  • James Bond signs in to Lync on this PC and his credentials are saved, (i.e. next logon James Bond does not have to enter his credentials)
  • Money Penny signs in to Lync on this PC and his credentials are saved, (i.e. next logon Money Penny does not have to enter his credentials)
  • The problem now is that anyone can walk up to this pc and login as James Bond or Money Penny

So how can this situation be avoided and what can we learn about how the Lync client stores credentials?

The Lync client will actually receive a Lync server created certificate that is downloaded to the User local cert store. It is this certificate that contains the user’s logon credentials that are saved. There are also two local registry settings that control the prompting of a users’ credentials that need to be set if you do not want a user to be prompted for credentials.

If you have a pc that has already had people who have logged on and saved their credentials, all you need to do is configure the two registry entries on that particular machine.

However, before you do that you must first remove the Lync Server created certificates:
• Open the local certificate store on the pc – start / run / mmc / Add / Certificates (make sure to select “My User Account” and that you are logged on as the user who will need to be prompted for Lync credentials no matter who is signing in to Lync)
• Expand Certificates / Personal / Certificates
• Delete the certificates in this folder

Make this regedit change:
Turning off Save Password, (make sure the value is set to “0”):
http://social.technet.microsoft.com/Forums/en-US/ocsclients/thread/db78a39c-9ad1-4b51-b164-7969bb545da6

Make this regedit change:
Note: Make sure the value is set to “0”:
http://social.technet.microsoft.com/Forums/en-US/ocsedge/thread/c267f2ae-53ee-48e5-ab60-0686eb76c386

Reboot the PC and you should now not be prompted for credentials

Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: