Windows VPN Passing VPN Credentials to File Server

Marica Khatijah 136 Reputation points

I have a situation where domain users are trying to access a file server. When they're local to the domain, no problem. When they're off-site and they're using a VPN, I found that the credential being passed to the Server is the one for the Windows built-in VPN client, NOT the domain credential.

When I go into Windows Credential Manager under "Windows Credentials," I find *session. The "*session" credential is the username and password that they use to log into the VPN that we're using, and that's the credential that's being used to try and authenticate to the file server.

For now, I've been able to keep things moving along by manually entering their Windows credential for our fileserver in the Credential Manager, but I'd like to find a better way for Windows to pass the domain credential, not the VPN one.

This happens on both Windows 10 pro and 11 pro machines. Our servers are all Server 2019.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,149 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,188 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,596 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Gary Nebbett 5,426 Reputation points

    Hello Marica,

    To suppress creation of this session wildcard credential, set UseRasCredentials to zero in the appropriate entry in the %APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk file (by default, the UseRasCredentials key is present and set to one when a new entry is created); search the Internet for more information on UseRasCredentials.


    0 comments No comments

  2. Limitless Technology 43,216 Reputation points

    Hello there,

    There is a security policy setting that you can use: Network access: Do not allow storage of passwords and credentials for network authentication

    By enabling this setting, VPN credentials are not stored and therefore are not used to attempt to authenticate to network resources like shared files and Exchange.

    You can get some workaround from here where similar topic were discussed


    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments