Microsoft Windows caches domain credentials (usernames and passwords). See Microsoft article KB913485 for details. These credentials are stored on the local computer’s registry.
Viewing cached credentials: In the registry, grant your user account full permission to HKEY_LOCAL_MACHINE\Security. By default, only the System account has permission to the Security key. Refresh Regedit (you may need to close and relaunch Regedit.) Then open the key. You can view the cached credentials under HKEY_LOCAL_MACHINE\Security \Cache. Up to ten credentials can be cached, and these are stored in the values NL$1 thru NL$10.
Clearing cached credentials: Zeroing out the NL$x binary value will clear the cached credential.
Preventing cached credentials: Deleting the NL$1-NL$10binary values will prevent credentials from being cached.Posted by