Last Updated on January 20, 2022
If users report that their saved credentials in Google Chrome or Internet Explorer launched through Citrix are not roaming with their sessions, however, within an active session, saved credentials persist then there are strong reasons to doubt that files and folders that hold saved username and password are not part of users’ roaming profile.
Roaming saved credentials is easier now but it wasn’t the case few years back. You can find an interesting battle of thoughts to achieve the persistence of saved credentials right here. Comments from Eastwood Clinton and Jeremy are worth a mention. That was past, let’s see how do we do it today for Internet Explorer and Google Chrome.
Retain saved Username and Password in Internet Explorer
- Add %LOCALAPPDATA%\Microsoft\Vault in “Folders to Mirror” policy
- Add following paths to “Folders to synchronize” policy
- %LOCALAPPDATA%\Microsoft\Credentials
- AppData\LocalLow\Sun\Java\Deployment\security
- Third step is not required in most cases, however, you may find that Vault folder inside %LOCALAPPDATA%\Microsoft\ is not getting created or 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 and UserProfileRoaming folders are not getting created inside Vault folder. I have noticed that if Vault folder is created successfully by either windows or through some manual process like a logon script then 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 and UserProfileRoaming will definitely be created without any manual intervention.
- I would recommend creating the Vault folder first and test whether those two sub-folders shows up inside Vault or not. We will use Group Policy Preference or GPP in short for this. Edit the GPO that applies to users in concern. I would choose the GPO that applies to all VDAs where I have disabled the computer configurations and Loopback Processing is set to Replace (Merge is also an option). The shorter version of following steps is described in CTX213190.
-
- Go to User Configuration/Preferences/Windows Settings/Folders.
- Right Click and select New and then Folder.
- Select Update in Actions
- Set %LOCALAPPDATA%\Microsoft\Vault as the Path
- Go to Common Tab and check “Run in logged-on user’s security context” and ” Apply once and do not reapply”
- Click on Apply and then OK.
- Now if 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 and UserProfileRoaming are not getting created inside Vault and create/modify the logon script with following commands:
- IF NOT EXIST “%LOCALAPPDATA%\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28” MD “%LOCALAPPDATA%\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28”
- IF NOT EXIST “%LOCALAPPDATA%\Microsoft\Vault\UserProfileRoaming” MD “%LOCALAPPDATA%\Microsoft\Vault\UserProfileRoaming”
-
- I would recommend creating the Vault folder first and test whether those two sub-folders shows up inside Vault or not. We will use Group Policy Preference or GPP in short for this. Edit the GPO that applies to users in concern. I would choose the GPO that applies to all VDAs where I have disabled the computer configurations and Loopback Processing is set to Replace (Merge is also an option). The shorter version of following steps is described in CTX213190.
Retain saved Username and Password in Google Chrome
- “Login Data” file holds saved credentials in Chrome.
- Add “AppData\Local\Google\Chrome\User Data\Default\Login Data” to “Files to Synchronize” policy.
- If Chrome is not prompting to save credentials then delete “Login Data” and “login data-journal” files from C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default. Chrome will automatically recreate them. It is fine if any one of those files is not available at that location.
If the saved credentials do not persist in Citrix session even after doing all of this then let me know in comments.
Be the first to reply