What the heck is Windows Vault in Windows 7?

committed to database on March 2, 2009 at 10:18 pm Eastern Standard Time 17 comments digg this

3/11 - I have pulled the “features I don’t know anything about” series and edited this post to reflect this.

King of Swiss Army Knives...With Windows 7 just half-a-dozen weeks away from being in release candidacy stages, you would think people would have a good idea of what the operating system does and doesn’t do. Yeah right. While digging through the operating system, I stumbled across a handful of features that I, and others didn’t know about. Windows Vault is one of those features.

Windows Vault

Windows Vault hub page

At first glance, the Windows Vault appears to be a snazzy new feature to allow users to store a bunch of passwords to commonly used websites and doodads and have them Just Work(tm) when using those various services.

With wanting to save my password for Facebook in mind, I visited the Windows Vault and determined I don’t want to add a Windows Credential or some type of Certificate-Based Credential (e.g. smart-card). I click Add a Generic Credential and was presented with a piece of UI asking me for my username and password. Along with these usual suspects, however, I was asked for something that seemed alien to me – A Resource. In a panic, I scanned the UI for a help button but there was none to be found. It was just me, all alone, with these boxes.

Add a Generic Credential spoke

Understanding the literal meaning of the word resource, I attempted to input quite a few values in here – URLs with and without http://, file paths, IPs, and even my favorite Ben & Jerry ice cream flavor – Nothing worked.

After fumbling around some more, I discovered Online IDs which populated my credential list with all sorts of meaningless information. Things like WindowsLive:(token):name=rafæl@withinwindows.com; serviceuri=windows_default_cred_slc and my Windows Live ID account.

Stored User Names and Passwords in Windows VistaIn discussion with Paul Thurrott, we came to the conclusion this fancy new Windows Vault stuff was merely the never-used Stored Names and Passwords feature from Windows Vista, painted over with some heavy lipstick and given a weird brand name.

Questions in my head: Why would one bring such a internal component driven feature closer to surface? How would a normal user use this feature? Were drugs involved?

  1. Bryant March 2, 2009 at 10:41 pm

    Is it documented by Microsoft? If not, they’ll probably face heat about it anyway if 7 goes RTM with this thing in tact.

    (read: you’ll probably learn more about this when you’re given a reviewer’s license of 7 right before release)

  2. Kenny Kerr March 3, 2009 at 12:48 am

    For what it’s worth, this is the new UI for the Credential Management API first introduced with Windows XP. You can read more about it in my article here:

    http://msdn.microsoft.com/en-us/library/aa480470.aspx

  3. Leo Davidson March 3, 2009 at 3:23 am

    Thanks for making me crave ice cream at 8 in the morning! :-D

  4. someone March 3, 2009 at 12:37 pm

    Yeah it’s only a glorified “Stored user names and passwords”. The resource is either a computer name or URL. Of course the bad part is the URL/site has to make use of the CredMan API (sites which use this cool UI=> http://i.msdn.microsoft.com/Aa480470.credmgmt_02(en-us,MSDN.10).gif) only then is the stored password used/filled there. Instead, if MS did a simple integration of this vault thingie with IE’s password manager, what we’d get is Keychain on OS X. But then again, Windows has always been enterprisey and Macs consumerish. Maybe someone at MS can write a plugin/connector that tied IE’s password manager to this. IE doesn’t even use PStore anymore so it’s difficult? Or some fingerprint device’s password manager ties to this one to store the passwords here and auto-fill them in IE? That would be awesome.

  5. anonymuos March 3, 2009 at 12:52 pm

    What are the other two?

  6. thedicemaster March 4, 2009 at 6:10 am

    you know, i actually had to use that feature.
    i had to manually add my exchange server password there for outlook, because the wrong address is stored there by default (local server address instead of the remote address)

  7. Jeff March 4, 2009 at 1:50 pm

    I actually use the Credential Manager on a daily basis. It is really nice if you administer multiple domains and have the same username and different passwords on different networks. The Credential Manager will override the shadow password feature to prevent your account from getting locked out, etc.

  8. Jurgen March 30, 2009 at 4:41 pm

    That’s really weird and I’m waiting for you to dig a bit deeper into that :)

  9. Dylan March 30, 2009 at 8:16 pm

    It makes a lot of sense to have this feature if it’s done well. MacOSX is a lot better for it (Keychain) certainly.

    As an aside: Macs “consumerish”, PC’s “enterprisey”? There’s nothing consumerish about having UNIX (the certified variety) as your desktop OS core.

  10. Calvin April 23, 2009 at 5:10 am

    @Dylan: Having iCandy and cowbell apps does.

  11. Daniel Steiner April 27, 2009 at 9:59 am

    This is actually for lets say, corperate users, like me – we have got a certificate based Network authentication and i dont want to join the domain – i exported the certificate, when I was on the domain, imported it after i left it and set it as authentication for the two servers… also if you use IP proxy servers you can use it ;)

Copyright(c), left, top, and bottom.
Powered by WordPress, skinned by me, with ideas stolen from Long Zheng.
RSS is fed through machines that also process peanuts and chocolate, making it much tastier.
Works on mobile devices too!