Is there any GPO that can turn off caching of "generic credentials"

CGMANI 26 Reputation points

I find it ridiculous that MS has provided group policy to disable network and cert based creds, but NOT generic ones. It seems to be well documented on the internet that these "generic credentials" where O365 stores them, are the number one way 0365 accounts get compromised, and yet MS doesn't see the need to be able to disable the caching of the credentials for the corporate world. Do what you want with the home ****, but at least give admins the ability to secure their environment. I know there are scripts out there to keep clearing them from the vault, but to me that is an unacceptable answer. MS needs to provide a real administrative solution to the issue in the form of a GPO that allows the disablement of generic credentials for the corporate world.

With my rant over, if anyone has figured out a way to disable the caching of generic credentials, especially O365 credentials, I'd appreciate knowing how you did it.

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
3,089 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Hannah Xiong 6,181 Reputation points

    Hello @CGMANI ,

    Thank you so much for posting here.

    So sorry for the inconvenience caused. We could enable the group policy "Network access: Do not allow storage of passwords and credentials for network authentication" under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. However, it will not disable the caching of Generic Credentials.


    It is suggested that we could also disable the Credential Manager service. In my lab, I disabled the service, and below is the result.


    Here is the discussion, and we could kindly have a check.

    Thank you so much for your understanding and support.

    Best regards,
    Hannah Xiong

  2. Hannah Xiong 6,181 Reputation points

    Hello @CGMANI ,

    You are welcome. Thank you so much for your kindly reply.

    I could totally understand your situation and feeling. And I am sorry for the inconvenience caused since there is no group policy based solution for our requirement.

    I would suggest you contact Microsoft Customer Services and Support to see whether we could get an efficient solution:

    Greatly appreciate your understanding and support.

    Best regards,
    Hannah Xiong

    0 comments No comments