Last week I ran into a problem where credentials were not being saved in Internet Explorer. When users enter a username and password, Internet Explorer asks to save the credentials.
Users press the “Yes” button, however when you check the Credential Vault, the Web Credentials remain empty.
The solution
After doing some troubleshooting, I found a useful command called “vaultcmd”, which can be used to manage your stored credentials. When executing the “vaultcmd /list” command, it displays the credential vault information.
C:\>vaultcmd /list
Currently loaded vaults:
Vault: Web Credentials
Vault Guid:4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Location: C:\Users\username\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Vault: Windows Credentials
Vault Guid:77BC582B-F0A6-4E15-4E80-61736B6F3B29
Location: C:\Users\username\AppData\Local\Microsoft\Vault
At this point, I found out that the credential vault directory didn’t exist. Better yet, the “%LOCALAPPDATA%\Microsoft\Vault” directory didn’t exist at all. After creating the vault directories, Internet Explorer was able to store the credentials in the Web Credentials vault. I don’t know the reason why the vault directory is missing, but manually creating it fixes the problem. Users logging on to the environment are making use of a mandatory profile, which does not have these folders. I would expect Windows to create these folders during logon if it really needs them.
To allow Internet Explorer to store (or even ask to store) the credentials, the AutoComplete settings for “User names and passwords on forms” need to be enabled in Internet Options > Content > AutoComplete Settings:
From this settings window, you can open the Web Credentials vault as well by clicking the “Manage Passwords” button.
Scripting the solution
The environment I’m using is a large-scale Citrix XenApp farm, so thousands of users will be logging on who potentially could encounter this issue. As I’m not planning to fix this manually for each user reporting the issue, I made a small PowerShell script which checks the vault locations and creates them if needed. The script uses the “vaultcmd” command to retrieve the correct vault locations:
foreach ($line in (vaultcmd /list)) {
if ($line -match "Location: (.*?)$" -and -not (Test-Path -Path $Matches[1])) {
New-Item -Path $Matches[1] -ItemType Directory -Force
}
}
| I hope this article was useful for you. If you have any questions, please don’t hesitate to leave a comment or contact me over email. |