Password Caching in Windows for Workgroups

This article was previously published under Q90271
This article has been archived. It is offered "as is" and will no longer be updated.
In Windows for Workgroups, password caching is a feature that maintains a list of the passwords you have used and the resources to which they apply. Passwords are saved and retrieved transparently to the user. The password cache facilitates restoration of connections to shared resources when you log on.

This article describes the functionality of file caching in Windows for Workgroups.

Password List File

When you log on to Windows for Workgroups, the network driver looks up your username in the [Password Lists] section of SYSTEM.INI. This entry gives the path to your password list file (PWL), which is encrypted to maintain system security. Part of this file is decrypted using your logon password. If the decryption is successful, your password cache file is unlocked. When you log off, the password to your PWL file is erased from memory.

If there is no SYSTEM.INI entry for your username, or if the file named there doesn't exist, a new PWL file is created for you, initially with no passwords in it. Windows for Workgroups asks you to confirm your logon password before it encrypts your PWL file.

When you need to establish a connection to a network resource (either explicitly, from the Connect dialog box, or implicitly, at logon), the network driver first attempts to make the connection with a blank password. If the resource requires a password, the network driver then searches your PWL file for an entry corresponding to the resource to which you are connecting. That password is used on the next attempt to make a connection. If there is no entry in the file for the resource, or if the password recorded in the file is not correct (if, for example, the owner of the server changed the password), a password prompt is displayed.

Whenever a password prompt is displayed, and the password you type turns out to be the correct one for the resource, it is saved in your PWL file for later use. If the server is running with share-level security (this applies to Windows for Workgroups servers and to some Microsoft LAN Manager servers), the server name and share name are recorded in the PWL file. If the server is running with user-level security, the password you used works for any share on that server, so a separate record containing only the server name is created.

Additionally, if you choose to have your logon validated at a LAN Manager domain controller, your LAN Manager logon password is stored in your PWL file also, so that the only logon password you need to type is the one that encrypts the PWL file.

NOTE: If a Windows for Workgroups client belongs to a workgroup and a domain, and is using the same password (which may be cached) to log on, a problem may occur if the passwords expire at different times and are no longer synchronized. This can occur if the Windows for Workgroups administrator enforces password changing (also called "aging"). The user is prompted to change the workgroup password, but not the domain password. When the domain password eventually expires, the user may not be able to remember it and may not be able to log on to the domain.

How to Prevent the Saving of a Password in Your PWL File

Sometimes you may not want Windows for Workgroups to save a password. To prevent the saving of a password, clear the Save This Password In Your Password List option in the Enter Network Password dialog box. Next time Windows for Workgroups attempts to connect to this resource, another password prompt appears.

If you connect from the MS-DOS prompt (using the NET USE command), use the /SAVEPW:NO option to prevent Windows for Workgroups from recording the password in the PWL file.

If you connect without saving the password, Windows for Workgroups does not add the password to your PWL file, but it does not delete the password if it's already in the PWL file.

To disable password caching and prevent your PWL file from being accessed, add the following line to the [NETWORK] section of the System.ini file:

PWL File Limits

Windows for Workgroups does not limit the length of time a password remains valid. The PWL file is limited to 255 password entries. Once there are 255 entries in the PWL file, adding another password causes Windows for Workgroups to delete the oldest password. Each time a password entry is used to make a connection, it's marked as the "newest" entry, so frequently-used passwords are not the first candidates for removal.
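
The connection sequence, record keys, and 255-entry limit described above can be modelled in a few lines. This is an added example, not Microsoft code and not the PWL file format; it shows that a connection made without saving leaves an older cached password in place, and that use of an entry protects it from removal. The class and parameter names are assumptions, and real_password stands in for the password the server expects.

```python
from collections import OrderedDict

MAX_ENTRIES = 255  # PWL entry limit stated in the article


class PwlModel:
    """Behavioural model of the cache only; not the real PWL file format."""

    def __init__(self):
        self.entries = OrderedDict()  # (server, share) -> password, oldest first

    @staticmethod
    def key(server, share, user_level):
        # User-level security: one record per server; share-level: server + share.
        return (server, None if user_level else share)

    def store(self, key, password):
        self.entries[key] = password
        self.entries.move_to_end(key)
        while len(self.entries) > MAX_ENTRIES:
            self.entries.popitem(last=False)  # evict the oldest entry

    def connect(self, server, share, real_password, user_level=False,
                typed=None, save=True):
        """Return the step that made the connection: blank, cache, prompt, failed."""
        if real_password == "":
            return "blank"  # first attempt always uses a blank password
        k = self.key(server, share, user_level)
        if self.entries.get(k) == real_password:
            self.entries.move_to_end(k)  # a used entry becomes the "newest"
            return "cache"
        if typed == real_password:  # password prompt, correct answer typed
            if save:  # save=False models /SAVEPW:NO or the cleared check box
                self.store(k, typed)
            return "prompt"
        return "failed"


if __name__ == "__main__":
    pwl = PwlModel()
    print(pwl.connect("SRV", "DOCS", "old", typed="old"))              # prompt
    print(pwl.connect("SRV", "DOCS", "old"))                           # cache
    # Server password changed; user declines to save: stale entry remains.
    print(pwl.connect("SRV", "DOCS", "new", typed="new", save=False))  # prompt
    print(pwl.entries[("SRV", "DOCS")])                                # old
```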

Password Caching Does Not Work When You Connect Using a UNC Name

If you try to open a file on a password-protected share by typing the UNC name, password caching is not activated, so Windows for Workgroups cannot make later connections for you. This happens because password caching is done by the network driver, at the user interface (UI) level (the UI level is where most interaction with the password cache occurs in Windows for Workgroups). To make it possible for password caching to be available in all circumstances, it would need to be implemented in the redirector instead of at the UI level. Password caching at the redirector level would have made Windows for Workgroups more complicated, due to the additional interfaces, which would result in slower connection time. Password caching at the redirector level would also increase the amount of memory used by the basic and full redirectors, leaving less available memory for other MS-DOS-based applications.

Location of the PWL File

Your PWL file can reside on any directory that Windows for Workgroups can access without a password. If you move your PWL file, you must edit the [Password Lists] section of your SYSTEM.INI file so it lists the correct path. If you want to put the PWL file on a network server, there are some restrictions:
  1. Because persistent connections are not restored until after the PWL file is open, if the file is to be stored on a Windows for Workgroups or LAN Manager server, you must type the path in UNC format, such as \\server\share\user\user.pwl (rather than x:\user\user.pwl).
  2. Because the file is accessed using UNC when it is located on a network server, the server or share cannot require a password to connect. Additionally, because the PWL file is not yet open, caching the password for the file's location does not help.
  3. If you do not have write access to the server, you cannot save any new passwords in your PWL file.
"Microsoft Windows for Workgroups User's Guide," version 3.1, page 144

Article ID: 90271 - Last Review: 12/04/2015 09:18:49 - Revision: 2.0

Microsoft Windows for Workgroups 3.1, Microsoft Windows for Workgroups 3.11
