First published on TECHNET on Jan 14, 2016
We recently discovered an issue with the Lync 2013\Skype for Business GPO (Group Policy Object) that controls a user's ability to save their password. The Group Policy setting in question is SavePassword, and it is intended to prevent users from checking the "Save my password" box. Prior to this update, the SavePassword GPO would uncheck the "Save my password" checkbox but leave the box exposed, so users could simply recheck it.
This issue was resolved with the addition of a new GPO titled AllowSavePassword as detailed in
. This new setting must be used IN COMBINATION with the SavePassword GPO as described in the KB. The AllowSavePassword registry setting, when set in the proper combination with SavePassword, will remove the "Save my password" checkbox from the Sign In UI.
You may need to perform additional steps if you wish to force users to enter credentials every time they log in to Lync or Skype for Business. Lync\SfB saves a certificate in the user's Personal certificate store, and this certificate (if present) may need to be removed to prevent the client from automatically logging in. This certificate can be viewed using the certificate MMC, should be of type Client Authentication, and will contain the user's SIP address (for example, firstname.lastname@example.org). The
utility can also be used to view and delete certificates.
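The certificate check described above can also be scripted. The following PowerShell is an added example, not part of the original post or of any Microsoft tooling; it assumes the SIP address appears in the certificate Subject, and the parameter names and the `Test-ClientAuthEku` helper are hypothetical. It only reports matches unless `-Remove` is given.

```powershell
# Added example: find (and optionally remove) the cached Lync/SfB sign-in
# certificate in the current user's Personal store.
# Assumption: the user's SIP address appears in the certificate Subject.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)]
    [string]$SipAddress,   # e.g. firstname.lastname@example.org
    [switch]$Remove        # without this switch the script only reports
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Enhanced Key Usage: Client Authentication

# Hypothetical helper: true if the certificate lists the Client Authentication EKU.
function Test-ClientAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            return ($ext.EnhancedKeyUsages | ForEach-Object Value) -contains $clientAuthOid
        }
    }
    return $false   # no EKU extension: not treated as a match
}

# Cert:\CurrentUser\My is the "Personal" store shown in the certificate MMC.
$found = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    $_.Subject.IndexOf($SipAddress, [StringComparison]::OrdinalIgnoreCase) -ge 0 -and
    (Test-ClientAuthEku $_)
}

# Always show what matched so the result can be reviewed before deleting.
$found | Format-List Subject, Issuer, Thumbprint, NotAfter

if ($Remove) {
    # Honors -WhatIf and -Confirm passed to this script.
    $found | Remove-Item
}
```

Running the script with `-Remove -WhatIf` lists what would be deleted without changing the store.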
We encourage you to test this GPO, any associated registry keys, and any other modifications (including modification or removal of any certificates) in your lab or test environment.