What does Persistence Enterprise mean in Credential Manager

Hi,

We are planning to map network drives for all the users. Since, this environment is not in domain We need are not able to use the domain credential for the same network shares.

We have a synology devices in workgroup now I need to map the respective drives by Team wise using Group Policy.

Instead of sharing credential I found a way to store the credential in all the users PC with batch file using the below command

cmdkey /add:DeviceName /user:UserName /pass:Password

I am planning to put this as a logon script using group policy before I do so I have a question. Please see the below screenshot by running the above command credential manager automatically define persistence as Enterprise

Now my question is What does Persistence Enterprise mean in Credential Manager?

2 Likes
  1. Based on my knowledge, Persistence means the persistence of this credential. The value of Enterprise means the credential persists for all subsequent logon sessions on this same computer and it is visible to other logon sessions of this same user on this same computer and to logon sessions for this user on other computers. In other words, it do persist after logoff or reboot.
  2. Generic credentials are defined and authenticated by applications that manage authorization and security directly instead of delegating these tasks to the operating system. For example, an application can require users to enter a user name and password provided by the application or to produce a certificate to access a website. What’s more, generic credentials are different from Windows credentials where you can manage all windows credentials, since they are authenticated by programs that manage security on their own rather than sending it to the Operating System. If you are not sure of using any application program or website by that name, please delete the virtual app user in Generic credentials.
  3. Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. Domain credentials are used by the operating system and authenticated by the Local Security Authority (LSA).
1 Like

Hi @umer,

Thanks for the explanations.

I also want to share my findings on this topic. I hope it will be helpful to others

net use w: \myserver\fileshare /user:MyID MyPassword I would choose logon script placed at startup folder

Persistent Enterprise means the credential persists for all subsequent logon sessions on this same computer

enterprise means this network part of business network by Microsoft default, there are two value Local computer and enterprise

2 Likes

Credential Manager is the place where Windows maintain all the password for your device. There are two category in Credential Manager. One is Web Credential which store all of your online credential like for example you are signing to any website online which requires to put login and password, once your enter your password you will be given one option to save your credential. When you proceed those credential are saved on the Web Credentials.

On the other hand, Windows Credentials which store all the credential related to your device applications for example your Microsoft application login and password, your local server password, network share password etc.,

By going to Web Credentials and Windows Credentials you can see the list of credential stored by the Windows. You can remove those credential and if required windows will save it for your when you login to the particular application on local or online.

Persistence means using the command line like CMD or PowerShell code you may save some credential on your device which won’t be removed by the Windows during the restart.

Hope this helps

The “Persistence Enterprise” setting is intended for credentials accessible to all users on a single device, like those for network shares or universally installed applications. Conversely, the “Local computer” setting is designed for credentials exclusive to the current user, such as those for personal websites or applications.

The distinction between “Persistence Enterprise” and “Persistence Domain”. The latter operates similarly to “Persistence Enterprise” but extends access to other domain users. This proves advantageous for shared resource credentials necessitating collaboration among domain users.

In the context of Windows Credential Manager, the term Persistence: The enterprise is the security mechanism which uses the credentials stored in their infrastructure.

  1. Persistence Types:

    • When you save credentials (such as usernames and passwords) in Windows Credential Manager, you can specify the persistence type for those credentials.
    • There are two primary persistence types:
      • Enterprise: This is to say that it stays relevant without the need for a new logon each time an individual logs in (but only on the same computer). The second thing to keep in mind is that the screen maxed is visible to the same user on the same computer and to the other logon sessions on other computers. In other words, it stays in the computer’s memory even after the username is entered and a logoff occurs or when the system is rebooted.
      • Local Computer: This type of persistence restricts the credential to the current logon session on the local computer. It won’t be visible to other logon sessions or on other computers.
  2. Use Cases for Enterprise Persistence:

    • Business Networks: The “Enterprise” persistence is typically used in business network environments where users need to access shared resources across multiple sessions and computers.
    • Single Sign-On (SSO): Enterprise persistence ensures that users don’t have to re-enter their credentials repeatedly when accessing network resources during their workday.
    • Remote Desktop Connections: If you’re using Remote Desktop to connect to other machines, it’s often beneficial to use “Enterprise” persistence for seamless authentication.
  3. Changing Persistence Type:

    • Unfortunately, you cannot modify the persistence type for existing credentials directly.
    • However, you can create new credentials with the desired persistence type using PowerShell. For example:
      New-StoredCredential -Target MyServer -UserName MyUser -Password MyPassword -Comment "Remote Desktop" -Persist Enterprise
      
      Replace MyServer, MyUser, and MyPassword with the appropriate values for your use case.

Remember that choosing the right persistence type depends on your specific requirements and the network environment you’re working in. If you’re dealing with shared resources across sessions and computers, “Enterprise” persistence can be quite useful!