Windows VPN Passing VPN Credentials to File Server

Marica Khatijah 166 Reputation points
2022-10-21T01:31:03.117+00:00

I have a situation where domain users are trying to access a file server. When they're local to the domain, no problem. When they're off-site and they're using a VPN, I found that the credential being passed to the Server is the one for the Windows built-in VPN client, NOT the domain credential.

When I go into Windows Credential Manager under "Windows Credentials," I find *session. The "*session" credential is the username and password that they use to log into the VPN that we're using, and that's the credential that's being used to try and authenticate to the file server.

For now, I've been able to keep things moving along by manually entering their Windows credential for our fileserver in the Credential Manager, but I'd like to find a better way for Windows to pass the domain credential, not the VPN one.

This happens on both Windows 10 Pro and 11 Pro machines. Our servers are all Server 2019.


2 answers

  1. Gary Nebbett 6,216 Reputation points
    2022-10-21T06:12:38.223+00:00

    Hello Marica,

    To suppress creation of this session wildcard credential, set UseRasCredentials to zero in the appropriate entry in the %APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk file (by default, the UseRasCredentials key is present and set to one when a new entry is created); search the Internet for more information on UseRasCredentials.

    Gary
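
The phonebook edit described in the answer above, as an added PowerShell example (not part of the original answer and not Microsoft's code). The function name `Set-PbkUseRasCredentials` and the entry name `Corp VPN` are hypothetical, and the script assumes the phonebook is an INI-style file with one `[EntryName]` section per connection.

```powershell
# Added example. Function and parameter names are hypothetical.
function Set-PbkUseRasCredentials {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Per-user phonebook path named in the answer above
        [string]$Path = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk",
        # Phonebook entry (VPN connection) name; omit to process every entry
        [string]$EntryName
    )

    if (-not (Test-Path -LiteralPath $Path)) { throw "Phonebook not found: $Path" }

    $lines   = @(Get-Content -LiteralPath $Path)
    $section = $null
    $changed = @()

    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^\[(.+)\]\s*$') {
            $section = $Matches[1]      # start of a new phonebook entry
            continue
        }
        $inScope = -not $EntryName -or $section -eq $EntryName
        if ($inScope -and $lines[$i] -match '^UseRasCredentials=1\s*$') {
            $lines[$i] = 'UseRasCredentials=0'
            $changed  += $section
        }
    }

    if ($changed.Count -gt 0 -and $PSCmdlet.ShouldProcess($Path, 'Set UseRasCredentials=0')) {
        Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # keep a rollback copy
        # Assumption: the file round-trips through the shell's default text encoding
        Set-Content -LiteralPath $Path -Value $lines
    }
    $changed   # entries updated (or that would be updated, under -WhatIf)
}

# Constructed usage: 'Corp VPN' is a placeholder entry name; -WhatIf previews without writing
Set-PbkUseRasCredentials -EntryName 'Corp VPN' -WhatIf
```

Run it once with `-WhatIf` to see which entries still have `UseRasCredentials=1`, then without it to write the change; the previous file is kept beside the phonebook as `rasphone.pbk.bak`.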


  2. Limitless Technology 44,746 Reputation points
    2022-10-24T08:16:34.333+00:00

    Hello there,

    There is a security policy setting that you can use: Network access: Do not allow storage of passwords and credentials for network authentication https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd349805(v=ws.10)#network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication

    By enabling this setting, VPN credentials are not stored and therefore are not used to attempt to authenticate to network resources like shared files and Exchange.

    You can find a workaround here, where a similar topic was discussed: https://social.technet.microsoft.com/Forums/windows/en-US/0204464d-e32d-4584-966b-60788cce0d6f/disable-creation-of-vpn-quotsessionquot-credential-in-credential-manager-without-disabling-all?forum=winserversecurity
