Keyring Component Description Microsoft Windows NT provides a single sign-on experience for users by allowing network providers to take a user’s credentials at login and authenticate the user to other targets. This approach might not be sufficient in every case, for example, if a user connects to an untrusted domain or uses alternate credentials to access a specific resource. Windows XP addresses this problem through the Windows Stored User Names and Passwords component, sometimes referred to as Key Manager or Keyring. This component provides credential storage and management functionality.

The Store User Names and Passwords component provides the user with a secure roamable store for credentials. Roamable implies that if the user is part of a domain with roaming profiles the credentials can be saved as part of that roaming profile. This mechanism enables users to use the Stored User Names and Passwords feature anywhere they can access their profiles.

Configuring the Component

There are no configuration requirements for this component.

The Credential Manager uses two registry values to control per-machine policy.

The following table shows the registry values under the HKLM\System\CurrentControlSet\Control\Lsa registry key:

Registry Value Type Description
TargetInfoCacheSize REG_DWORD Specifies the number of entries in the target information cache. The credential manager manages a per-logon session cache of mappings from target name to target info. The CredGetTargetInfo function obtains its information from the cache. If this value is set too small, other applications running under the logon session can flush a cache entry (by adding their own) before a cache entry can be used. If this value is set too large, an excessive amount of memory will be consumed. The default value is 1000 entries. The minimum value is 1.
DisableDomainCreds REG_DWORD Specifies whether domain credentials CRED_TYPE_DOMAIN_* may be read or written on this machine. If this value is set to 0, domain credentials function normally. If this value is set to 1, domain credentials cannot be written (a STATUS_NO_SUCH_LOGON_SESSION error message is returned to any API that attempts to write such a credential) or read (any such credential is silently ignored).

For More Information

Additional information about this component can be found in the online product Help.

]]> %11% keymgr.dll False keymgr.dll Credential Manager Tool File msvcrt.dll File netapi32.dll File advapi32.dll File dnsapi.dll File kernel32.dll File user32.dll File shell32.dll File gdi32.dll File shlwapi.dll File crypt32.dll File rpcrt4.dll File credui.dll File comctl32.dll HKEY_CLASSES_ROOT\.psw PSWFile 1 1 1 HKEY_CLASSES_ROOT\PSWFile Password Backup 1 1 1 HKEY_CLASSES_ROOT\PSWFile NoOpen 1 1 1 Key Manager 1.0 User interface for manipulating the credential manager stored credentials. 2000 Microsoft Corp. Microsoft Corp. georgema georgema 3/2/2001 9/15/2001 6:45:51 AM