1

Back when I was working for my ex-company, I was a standard user on the laptop and I tried to run Windows Credential Manager but it wouldn’t run. So I went into Start Menu → typed in Windows Credential Manager → it simpyl wouldn’t run / start up. No errors, nothing, just wouldn’t do anything.

Was this a GPO? How can I replicate this? Thank you

3 Spice ups
2

Is the credential manager service running?

Startup type should be manual but it should be running.

image
image402×381 9.85 KB
2 Spice ups
3

I can’t check on my company laptop coz I haven’t worked there for 2 years now

1 Spice up
4

I believe you can block the storing of passwords and credentials through GPO, but that doesn’t prevent users from accessing the Credential Manager UI. To do that, you’ll need to implement a registry setting:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\CredentialUI]
"DisableCredentialManager"=dword:00000001
1 Spice up
5

That was probably not GPO related, but maybe they had a security program that blocked it? Do you remember if it prompted for UAC elevation or just flat-out said can’t do it? If the former, could have been software, if the later the service was likely down and couldn’t be restarted.

6

No UAC prompt at all, it just wouldn’t start up, as if you hadn’t tried to launch it in the first place.

1 Spice up
7

That sounds like a broken Windows install/disabled service to me. It is possible that the IT group intentionally disabled that service to prevent use, however.

8

I finally found the article that discusses blocking storage of credentials in Credential Manager:

However, as I mentioned earlier, this doesn’t block access to the Credential Manager UI itself, and to the best of my knowledge, that can only be done via registry setting.

1 Spice up
9

I tried this and it didn’t work.

1 Spice up
10

It really seems like you’ve run into a situation with a malfunctioning Windows installation or perhaps a service that’s been turned off. There’s a chance that the IT team deliberately disabled that particular service, maybe as a measure to restrict its use.

1 Spice up
11

I’m inclined to agree with you, except if it was a disabled service, the UI would still launch but with errors:

image
image815×377 43.9 KB

OP is stating nothing happened at all when attempting to launch, so I’d have to guess at either corruption or some other block through some other IT application outside of GPO on the old company laptop.

1 Spice up
12

I wonder if your former employer may have been using AppLocker and also somehow suppressed the “blocked by your system administrator” dialogue.

Depending on how it’s called an executable can be blocked with no visible warning (aside from an entry in Event Viewer).

Example: our VMS app. The executable linked to the desktop shortcut calls a second executable (that is blocked by AppLocker). Net result is that nothing appears to take place until reviewing Event Log.

3 Spice ups
13

Can I replicate this on a VM running Windows 11 Pro? Just for testing purposes.

1 Spice up
14

By the way I love AppLocker, it’s such a great technology. Altho I use Kaspersky’s version of it called Application Control. Nevertheless AppLocker is by far one of the most effective prevention strategies they’'ve ever come up with

1 Spice up
15

Replicate what, exactly?

1 Spice up
16

When Microsoft Store is disabled by GPO or broken, it acts a lot like the description, so I’m inclined to agree with you, however, that’s a “modern” Windows app, not a built-in OS feature. I’m leaning towards registry mod from a GPO at this point.

17

…someone’s still trusting Kaspersky since the Ukraine invasion and Russian takeover??

18

Yes, I do. I don’t partake in politics btw.

1 Spice up
19

That’s not political, it’s common sense and best practice. That’s why so many Chinese hardware devices have been blacklisted in the US. Same diff, different language.

1 Spice up
20

Oh I misunderstood sorry. I am not in the US, my country isn’t involved in anything where Kaspersky being Russian would matter. Also I’m not a business lol, just some dude on the Internet.

1 Spice up