Date: Fri, 29 Dec 1995 21:00:00 -0800 From: Rich Graves <win95netbugs-owner@lists.stanford.edu>By default, Windows stores all network and dialup passwords in world-readable .PWL files. Even if Microsoft successfully resolves the serious .PWL encryption bugs that make password storage totally insecure (which they have promised to do for Win95, but not for Windows for Workgroups), this default "password caching" behavior is inappropriate for many sites.
To turn it off for Windows for Workgroups, add the following to SYSTEM.INI [Credit Jim Carlson]:
[NETWORK]
passwordcaching=no
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ Network\DisablePwdCachingThis gets a binary value of 1 [Credit Malcolm G. Miles].
Here's a simple RegEdit script to accomplish the above. Save it as NOCACHE.REG and run it from either DOS (in a network login script, for example) or Windows.
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network] "DisablePwdCaching"=dword:00000001Note that there are *three* nonblank lines. The second nonblank line ends with the right bracket and the third starts with the double quote; what you're seeing is *not* a line broken at column 80.