Viewing cached credentials, clearing cached credentials, preventing cached credentials

Microsoft Windows caches domain credentials. This article applies to Windows 7 and 8. A separate Windows 10 version of this article is available.

Windows caches domain credentials (usernames and passwords). See Microsoft article KB913485 for details. These credentials are stored in the local computer’s registry.

Viewing cached credentials: In the registry, grant your user account full permission to HKEY_LOCAL_MACHINE\Security. By default, only the System account has permission to the Security key. Refresh Regedit (you may need to close and relaunch Regedit), then open the key. You can view the cached credentials under HKEY_LOCAL_MACHINE\Security\Cache. Up to ten credentials can be cached, and these are stored in the values NL$1 through NL$10.

Clearing cached credentials: Zeroing out the NL$x binary value will clear the cached credential.

Preventing cached credentials: Deleting the NL$1-NL$10 binary values will prevent credentials from being cached.
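
To confirm the state of the cache after the steps above, the following added example (not part of the original article) reports whether each NL$1 through NL$10 value is populated, zeroed, or missing, without printing the stored bytes. The function name Get-CachedLogonSlotState is hypothetical, and the script assumes the session can read HKEY_LOCAL_MACHINE\Security\Cache (running as System, or as an account granted permission as described above).

```powershell
# Added example: audit the cached-logon slots described in this article.
# Assumption: the current session has read access to HKLM:\SECURITY\Cache.
# The script reports slot state only; it never outputs the value contents.
function Get-CachedLogonSlotState {
    param(
        [string]$CachePath = 'HKLM:\SECURITY\Cache',
        [int]$MaxSlots = 10
    )

    # Fails with an access error if the Security key permissions were not changed.
    $key = Get-Item -LiteralPath $CachePath -ErrorAction Stop

    foreach ($i in 1..$MaxSlots) {
        $name  = 'NL$' + $i              # single quotes keep the $ literal
        $value = $key.GetValue($name, $null)

        if ($null -eq $value) {
            # Value deleted: the state the "preventing" step produces.
            $state  = 'Missing'
            $length = 0
        }
        else {
            $bytes   = [byte[]]$value
            $length  = $bytes.Length
            $nonZero = @($bytes | Where-Object { $_ -ne 0 }).Count
            # All bytes zero: the state the "clearing" step produces.
            $state   = if ($nonZero -eq 0) { 'Zeroed' } else { 'Populated' }
        }

        New-Object PSObject -Property @{
            Slot   = $name
            State  = $state
            Length = $length
        } | Select-Object Slot, State, Length
    }
}

Get-CachedLogonSlotState | Format-Table -AutoSize
```

Run it before and after clearing to verify that each slot you zeroed now reports Zeroed rather than Populated.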

