Don't cache PEAP authentication information on Win XP SP2

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Does anyone know how to disable a windows XP SP2 box from cacheing the user
id and pw when you log into a wirless provider that is using PEAP? I want to
force each user to use their own user id and pw when they access the wireless
network.

I found a solution that I can do, but I don't want my users poking around
the registry.... I found the registry key that stores the information and
have sucessfully deleted it to force the input of the credentials the next
time that the wireless network is accessed. However, it just re-creates the
registry key.... Back to square 1.

Does anyone have a solution for this??

Mike
3 answers Last reply
More about cache peap authentication information
  1. Archived from groups: microsoft.public.windows.networking.wireless (More info?)

    The credentials are cached because each time you roam you would need to
    MANUALLY reenter the credentials. I've seen several wireless drivers
    spontaneously roam when more than one access point is in range. Some of
    these devices will roam 4 or more times per minute without even moving the
    laptop an inch in any direction.

    Multiple users sharing a Windows logon session is patently unsecure. Your
    network users should have a seperate logon for each session on the local
    computer. When one users finishes, they log-off, and then the next user
    logs on. If you have deployed active directory in your enterprise, then you
    can even use the AD user credentials for automatic authentication skipping
    the prompts altogether.

    Is there a special reason why your clients must deviate from this model?

    --
    Jerry Peterson
    Windows Network Services - Wireless

    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Mike McAlister" <MikeMcAlister@discussions.microsoft.com> wrote in message
    news:B9A5D968-C0D0-4D2A-80ED-98320753B6F0@microsoft.com...
    > Does anyone know how to disable a windows XP SP2 box from cacheing the
    > user
    > id and pw when you log into a wirless provider that is using PEAP? I want
    > to
    > force each user to use their own user id and pw when they access the
    > wireless
    > network.
    >
    > I found a solution that I can do, but I don't want my users poking around
    > the registry.... I found the registry key that stores the information
    > and
    > have sucessfully deleted it to force the input of the credentials the next
    > time that the wireless network is accessed. However, it just re-creates
    > the
    > registry key.... Back to square 1.
    >
    > Does anyone have a solution for this??
    >
    > Mike
  2. Archived from groups: microsoft.public.windows.networking.wireless (More info?)

    We are deploying 10 laptops into 10 cars for about 40 users that are in a
    different car everyday. There is no network to authenitcate to, other than
    the wireless routers for internet access. I just don't want to create that
    many user accounts on each laptop if I don't have to.

    The laptops are basically used to create Word and Excel documents on. We
    are in a university setting and our private network is completely standalone
    from the universitys. Thus connection through the wireless router to our
    network is not possible. My users are just wanting to access the network
    resources so that they may use a web browser to e-mail the documents to their
    supervisors rather than using the issued thumb drives to take it to the
    supervisor.

    My superiors want each person to have to authenticate to the router so that
    their web usage can be more easily tracked through the university IT
    department if needed.

    Mike

    "Jerry Peterson[MSFT]" wrote:

    > The credentials are cached because each time you roam you would need to
    > MANUALLY reenter the credentials. I've seen several wireless drivers
    > spontaneously roam when more than one access point is in range. Some of
    > these devices will roam 4 or more times per minute without even moving the
    > laptop an inch in any direction.
    >
    > Multiple users sharing a Windows logon session is patently unsecure. Your
    > network users should have a seperate logon for each session on the local
    > computer. When one users finishes, they log-off, and then the next user
    > logs on. If you have deployed active directory in your enterprise, then you
    > can even use the AD user credentials for automatic authentication skipping
    > the prompts altogether.
    >
    > Is there a special reason why your clients must deviate from this model?
    >
    > --
    > Jerry Peterson
    > Windows Network Services - Wireless
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    > "Mike McAlister" <MikeMcAlister@discussions.microsoft.com> wrote in message
    > news:B9A5D968-C0D0-4D2A-80ED-98320753B6F0@microsoft.com...
    > > Does anyone know how to disable a windows XP SP2 box from cacheing the
    > > user
    > > id and pw when you log into a wirless provider that is using PEAP? I want
    > > to
    > > force each user to use their own user id and pw when they access the
    > > wireless
    > > network.
    > >
    > > I found a solution that I can do, but I don't want my users poking around
    > > the registry.... I found the registry key that stores the information
    > > and
    > > have sucessfully deleted it to force the input of the credentials the next
    > > time that the wireless network is accessed. However, it just re-creates
    > > the
    > > registry key.... Back to square 1.
    > >
    > > Does anyone have a solution for this??
    > >
    > > Mike
    >
    >
    >
  3. Archived from groups: microsoft.public.windows.networking.wireless (More info?)

    Active Directory users would be the simplest way to implement this. Setup a
    seperate domain for your private network. Write a quick script to create
    all 40 users in active directory and join each laptop to the domain. You
    already have a RADIUS server in place, so more than likely the domain
    controller is already in place. If that is the case, this would take just a
    few minutes to setup.

    This would satisfy your per user tracking requirements. You wouldn't have
    to create a new user on each laptop. Authentication permissions could be
    centralized at the domain level. Further, you could use domain policy to
    enable per user configurations and applications. This would also be far
    more secure than the current model.

    --
    Jerry Peterson
    Windows Network Services - Wireless

    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Mike McAlister" <MikeMcAlister@discussions.microsoft.com> wrote in message
    news:464E2BA5-2060-4B0D-B89D-F54850D255BE@microsoft.com...
    > We are deploying 10 laptops into 10 cars for about 40 users that are in a
    > different car everyday. There is no network to authenitcate to, other
    > than
    > the wireless routers for internet access. I just don't want to create
    > that
    > many user accounts on each laptop if I don't have to.
    >
    > The laptops are basically used to create Word and Excel documents on. We
    > are in a university setting and our private network is completely
    > standalone
    > from the universitys. Thus connection through the wireless router to our
    > network is not possible. My users are just wanting to access the network
    > resources so that they may use a web browser to e-mail the documents to
    > their
    > supervisors rather than using the issued thumb drives to take it to the
    > supervisor.
    >
    > My superiors want each person to have to authenticate to the router so
    > that
    > their web usage can be more easily tracked through the university IT
    > department if needed.
    >
    > Mike
    >
    > "Jerry Peterson[MSFT]" wrote:
    >
    >> The credentials are cached because each time you roam you would need to
    >> MANUALLY reenter the credentials. I've seen several wireless drivers
    >> spontaneously roam when more than one access point is in range. Some of
    >> these devices will roam 4 or more times per minute without even moving
    >> the
    >> laptop an inch in any direction.
    >>
    >> Multiple users sharing a Windows logon session is patently unsecure.
    >> Your
    >> network users should have a seperate logon for each session on the local
    >> computer. When one users finishes, they log-off, and then the next user
    >> logs on. If you have deployed active directory in your enterprise, then
    >> you
    >> can even use the AD user credentials for automatic authentication
    >> skipping
    >> the prompts altogether.
    >>
    >> Is there a special reason why your clients must deviate from this model?
    >>
    >> --
    >> Jerry Peterson
    >> Windows Network Services - Wireless
    >>
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >> "Mike McAlister" <MikeMcAlister@discussions.microsoft.com> wrote in
    >> message
    >> news:B9A5D968-C0D0-4D2A-80ED-98320753B6F0@microsoft.com...
    >> > Does anyone know how to disable a windows XP SP2 box from cacheing the
    >> > user
    >> > id and pw when you log into a wirless provider that is using PEAP? I
    >> > want
    >> > to
    >> > force each user to use their own user id and pw when they access the
    >> > wireless
    >> > network.
    >> >
    >> > I found a solution that I can do, but I don't want my users poking
    >> > around
    >> > the registry.... I found the registry key that stores the information
    >> > and
    >> > have sucessfully deleted it to force the input of the credentials the
    >> > next
    >> > time that the wireless network is accessed. However, it just
    >> > re-creates
    >> > the
    >> > registry key.... Back to square 1.
    >> >
    >> > Does anyone have a solution for this??
    >> >
    >> > Mike
    >>
    >>
    >>
Ask a new question

Read More

Windows XP Wireless Networking