Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Windows 7 Credential Manager and ntlm proxy authentication untrusted domain

Posted on 2016-09-12
Medium Priority
Last Modified: 2016-10-19
Hello experts

I work in an organisation where we have our own local AD and have our upstream internet provided through another section of the organisation complete seperate to us with a totally separate AD with no trust between the two and there will never be one implemented.

Our local AD username and passwords generally match the upstream ones in our parent companies AD environment but we have different domain names. Our parent company has an authenticated proxy whereby windows credential manager has been happily working and supressing the need for the end users to enter logon credentials to the web browsers when we open them until our parent company changed to an NTLM proxy.

Since they implemented the NTLM proxy all users are now prompted to logon and have to remember to put @otherdomain on the end and even though windows credential managers saves the details it prompts every time we open the browser still so its pointless it offering to save the credentials. I'm hoping there is a way to fix it so we suppress the proxy logon prompts again using credential manager or some other fix in windows. Is there a way anyone can suggest for me to somehow automatically submit a username with @otherdomain for the proxy logon for the web browsers ?
Question by:Jarrod
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 97

Accepted Solution

John Hurst earned 1800 total points (awarded by participants)
ID: 41795310
Talk to the upstream people. So far as I know, if their proxy prohibits saving passwords there is not much you can do. I see this from time to time and must remember a frequent password or keep my passwords in a password manager for ready access.

Author Comment

ID: 41795315
I don't think its so much the prohibit it its because we are in a different domain, if I use a non domain joined device credential manager seems to work ok, I would guess its my device auto submitting my domain name and it being boucned
LVL 97

Assisted Solution

by:John Hurst
John Hurst earned 1800 total points (awarded by participants)
ID: 41795321
It has nothing to do with being a domain. Some web sites will not let you store passwords either. It depends.

I would ask the upstream people for their comments on this. That is what I would do.

Assisted Solution

Jarrod earned 200 total points (awarded by participants)
ID: 41802489
I was able to get one step closer by adding a upn suffix that matches our parent company and then using it with our user accounts, our only problem is when the users passwords don't match it causes a lockout in ad for the user. So whilst I couldn't find any method to tell the browser which domain name to submit with the username I did find a potential workaround
LVL 97

Expert Comment

by:John Hurst
ID: 41824404
So how do you wish to close this question if I have assisted you?

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question