This article was previously published under Q281660
This article has been archived. It is offered "as is" and will no longer be updated.
Windows XP introduces a new behavior which makes it easier to access resources that require credentials other than the logged-on user's credentials. This article describes the functionality and expected behavior of Stored User Names and Passwords.
Stored User Names and Passwords is a mechanism that dynamically and manually creates credential sets (a user name and password) for resources. This functionality is available from the graphical user interface (GUI) and from the command line. The types of credentials that you can manage with Stored User Names and Passwords are:
User names and passwords
X.509 certificates (smart cards)
Note: Windows XP Home Edition stores only Remote Access Services/Virtual Private Networking and Passport credentials. If you use a restricted user account to log on the computer, follow these steps:
Click Start, click Run, type Control Userpasswords2, and then press ENTER.
Click the Advanced tab, and then click Manage Passwords.
The most common scenarios for using Stored User Names and Passwords is when a user attempts to access one of the following:
Resources in an untrusted domain
Resources with alternative credentials
A Web site with a password
A Web site with a certificate
To access these credentials in Control Panel:
Windows XP Home Edition or Windows XP Professional in a workgroup:
In the User Accounts tool, select the logged-on user account.
Windows XP Professional in a domain:
In the User Accounts tool, on the Advanced tab, click Manage Passwords.
In Stored User Names and Passwords, keys are created dynamically and manually.
DYNAMIC keys are created in the following way:
A user attempts to connect to \\server\share.
The user's logon credentials are attempted. If these do not gain access, Stored User Names and Passwords prompts.
Credentials are put in Stored User Names and Passwords after it successfully connects, or if Cancel is clicked on a returned error message.
The following options are available for the Stored User Names and Passwords prompt:
Remember my password
MANUAL Keys are created in the following way:
Start the Stored User Names and Passwords tool in Control Panel.
Type the appropriate information in the boxes:
Server: Use the hostname, FQDN, wildcards, and so forth.
User Name: Domain\Username; Machine\Username; UPN.
Password: Type the password.
Stored User Names and Passwords connection objects (keys) can be created manually to various entities:
specific resource: server.domain.forest.com
less specific set of resources: *.domain.forest.com (all resources in domain.forest.com)
very general set of resources: *.forest.com (all resources in forest.com)
If there are multiple credentials that can apply to a target resource, Stored User Names and Passwords in Windows XP SP1 and later uses the most specific credential. For example, a user attempts to connect to \\server, which is server.domain.forest.com. The user may have credentials for the server, *.domain.forest.com, and *.forest.com. In this scenario, the most specific credential applicable is for the server itself, so that is the one used.For more information about Stored User Names and Passwords, click the following article number to view the article in the Microsoft Knowledge Base:
281249 Stored user names and password credentials are stored for the lifetime of the logon session
CredMan Credential Manager Windows Keyring SUN&P credentials