Open topic with navigation

Security credentials

When a client machine attempts to access a source or target machine running on Windows, it will attempt to automatically logon to the source or target using the three methods below.

• The security credentials of the user currently logged into the client machine are sent to the source or target machine. From the security credentials, the source or target machine determines if the user is a member of the security groups and if so, grants the appropriate level of access.

• The last valid set of credentials (credentials previously granting either Administrator or Monitor level access) used to access each machine is recorded in the registry of the client machine. If the logon attempt using the credentials of the user currently logged in fails, a set of credentials is retrieved from the registry and is sent to the source or target. The source or target checks the validity of the credentials and determines if the user is a member of one of the security groups and then grants the appropriate level of access.

  You can disable the feature that maintains the security credentials in the registry.

   

• Each valid set of credentials (credentials previously granting either Administrator or Monitor level access) used by the client application is recorded in a memory-resident credentials buffer maintained by the client application. If the logon attempts using the credentials of the user currently logged in or those credentials stored in the registry fails, a set of credentials is retrieved from the client application’s credentials buffer and is sent to the source or target. This process is repeated until a valid set of credentials is found or the credentials buffer is exhausted.

  The credentials buffer is cleared each time the client application is closed.

   

The client tries each of these three methods until a set of credentials granting Administrator access is found. If no credentials granting Administrator access are found, the client attempts to find a set of credentials granting Monitor access. If no credentials grant Monitor access, the user must manually logon to the source or target by providing a user name, password, and domain.

If a user name exists both on the local machine and on the network, Windows first attempts to login to the machine with the local user name and password and ignores the domain. If this fails, it then tries to login with the network user name, password and domain.