The password store on Windows 2008 / Vista

I always recommend a profile management system for Citrix XenApp installations; the free Flex Profile Kit is a favourite, but I recently implemented AppSense Environment Manager (EM) for profile management on Windows 2008 Server and found that Internet Explorer passwords were not being saved. After some investigation I found that the password store is handled very differently in Windows 2008 Server and Vista.
In Windows 2008/Vista the password store in the user’s profile is not roamed, even though it is in the roaming folder… that makes lots of sense…
From what I can gather the Microsoft method is to use Certificate Services which is configured via GPO and saves credentials to the user’s AD object. See this article and this article.
From an AppSense EM perspective the “Manage Certificates” personalisation option saves IE passwords, so this is the easiest option.
A second method of saving IE passwords using AppSense or Flex Profiles is to save the Protect folder from the user’s profile at logoff and restore it at logon. I have tested this and it works perfectly.
The piece of data that needs to be saved from the user’s profile is the folder %userprofile%\AppData\Roaming\Microsoft\Protect

3 Comments

  1. Adam says:

    Thank you for this. I have been struggling to capture the password store using Appsense EM for the past week until I found this post.

  2. Anonymous says:

    Hi, so its just that folder and nothing else?

  3. Marcin says:

    Hi,

    Thanks for article, but It is possible copy this data from %userprofile%AppDataRoamingMicrosoftProtect to another server and everything be works correctly. thanks for reply.

Leave a Reply

Contact Deptive

Location
Deptive - Commercial Bay
11-19 Customs Street West St
Commercial Bay Tower, Level 17, Room 1715
Auckland 1010
We also have a virtual office in Wellington.

Contact Details

0800 000 141

Postal Address
PO Box 34797,
Birkenhead, Auckland 0746