Fireball3 Posted September 13, 2019 Share Posted September 13, 2019 Hey guys, I'm somewhat confused. My new company machine is running W10. Prior, I was used to log in to this forum with my credentials but for some reason IE does this automatically now. I disabled the Integrated Windows Authentication although that setting shouldn't affect public sites. I disabled autocompletion for usernames and passwords and checked the stored information - all empty. I deleted cookies and temp files, it still logs me in at startup. How does this work? Thanks in advance for the insights. Quote Link to comment
bastl Posted September 13, 2019 Share Posted September 13, 2019 First google search came up with the following: Quote Add, remove, edit, backup, restore Stored User Names and Passwords in Windows 10 The Stored User Names and Passwords in Windows lets you securely manage user names and passwords as a part of your profile. It lets you automatically enter saved user names and passwords for various network resources, servers, websites and applications, to authenticate yourself. In this post we will see how to add, remove, edit, backup, restore Stored User Names and Passwords & Credentials in Windows 10/8/7. rundll32.exe keymgr.dll,KRShowKeyMgr https://www.thewindowsclub.com/stored-user-names-and-passwords-windows Quote Link to comment
Fireball3 Posted September 13, 2019 Author Share Posted September 13, 2019 Yes, and unfortunately No. Those are the credentials stored for the IWA (integrated windows authentication) The stored values at that place don't work for unRAID forums. The same entries can be found in IE when going to: Options, Content, Autocomplete, Manage Passwords (free translation, my OS is not English) There you can find a second category called Web-credentials or so. Shows no entries on my side. Quote Link to comment
bastl Posted September 13, 2019 Share Posted September 13, 2019 @Fireball3 I know from Firefox that a stored cookie is enough for the unraid forums to be auto logged in. Have you tried to clean the cache and cookie stuff in IE? Long time ago that I've used the IE to tell you where you can find it. Quote Link to comment
Fireball3 Posted September 13, 2019 Author Share Posted September 13, 2019 I'm deleting these locations after closing my IE sessions before shutdown. del /q /s "C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\*.*" del /q /s "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\*.*" del /q /s "C:\Users\user\AppData\Local\Temp\*.*" Quote Link to comment
bastl Posted September 13, 2019 Share Posted September 13, 2019 (edited) I checked my setup where I never used IE before. The default path for the cache is "C:\Users\username\AppData\Local\Microsoft\Windows\INetCache\". Did you tried the option in the settings to remove the cache and history by closing the IE? There is an extra Option for "allow caches and databases for websites" which is ticked by default. Sry, german UI but it looks like the following: Maybe there are some other places storing logins and cookies. Edited September 13, 2019 by bastl Quote Link to comment
Fireball3 Posted September 16, 2019 Author Share Posted September 16, 2019 (edited) Yes, I have set the same settings. Edit: Checked it to be 100% sure... The setting to "Delete browser history" does NOT remove temporary files. Check yourself, go to "C:\Users\username\AppData\Local\Microsoft\Windows\INetCache\" and you will find lots of files in \Content.IE5\ and \Ie\. I don't trust that setting and run a batch to delete the files. Still, logs me in, even if all is deleted. Edited September 16, 2019 by Fireball3 Quote Link to comment
bastl Posted September 16, 2019 Share Posted September 16, 2019 Are you using a Windows user account or a local account? The Microsoft account syncs all kind of stuff. I wouldn't be surprised if it syncs all the login credentials you maybe have saved on an old installation. Just an idea. Best solution might be to stop using the Internet Explorer 😂 Btw. does it still get's updates? I think I've read something that MS will stop the support for it with the ongoin development and implementation of Edge. Quote Link to comment
Fireball3 Posted September 16, 2019 Author Share Posted September 16, 2019 As I mentioned, this is the company machine. I don't know what the IT guys configured in detail. I see the whole "security" tab is missing in my options and a notice says that some settings are controlled by the sysadmin. They prevent the use of other browsers than IE and Edge. Quote Link to comment
bastl Posted September 16, 2019 Share Posted September 16, 2019 Ok. If it's a machine connected to a domain your profil with all it's settings might sync in the backround from a company server. Usually with every logoff or reboot this profil should sync back to the server and save any changes you made. Not actual sure if it's possible to setup by the admin in a way that login credentials are only allowed to add and change and disallowed to remove. I know for fileshares it's possible to set it up this way. The user is allowed to ad files, change existing files but aren't allowed to remove them. Sounds stupid, i know but there might be usecases for this. Not actual sure if it's possible for the credential store. Another possibility is that your companies firewall/proxy configuration caches all sorts of cookies and session information and kinda Man-In-the-Middle checks all the traffic from the clients. Lots of enterprise equipment still intercepts the connections to analyse for bad traffic and often breaks logins and webservices on non company networks. Have you tried to use a portable version of a browser like firefox? No need to install, everything is stored in a single folder, let's say on the desktop. If you don't need it anymore, delete it, an everything is gone. Sure this isn't the solution for your main problem to delete the stored credentials but maybe helps to prevent future issues. Quote Link to comment
Fireball3 Posted September 16, 2019 Author Share Posted September 16, 2019 Yes, for some time I had a portable Firefox working but they updated the anti virus and now it will delete any version of a portable browser if it is executed. I noticed, when I actively log off from the forum, I won't be logged in automatically next time. Quote Link to comment
bastl Posted September 16, 2019 Share Posted September 16, 2019 Just a question, are you even allowed to use the internet for private stuff on your work machine? Depending on which industry you're working, I can understand why the admins wanna prevent their user to accessing personal stuff with portable browsers. One single click on the wrong page or an personal email and the desaster is there. Quote Link to comment
Fireball3 Posted September 16, 2019 Author Share Posted September 16, 2019 Yes, it is allowed as long as it's not excessive and the first disaster happened some years ago. By that time webmail access was still allowed and somebody launched one of those encrypting malwares that he received on his private mail. It started encrypting shares on the server ... Webmail is blocked since. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.