What the heck is Windows Vault in Windows 7?
3/11 - I have pulled the “features I don’t know anything about” series and edited this post to reflect this.
With Windows 7 just half-a-dozen weeks away from being in release candidacy stages, you would think people would have a good idea of what the operating system does and doesn’t do. Yeah right. While digging through the operating system, I stumbled across a handful of features that I, and others didn’t know about. Windows Vault is one of those features.
Windows Vault
At first glance, the Windows Vault appears to be a snazzy new feature to allow users to store a bunch of passwords to commonly used websites and doodads and have them Just Work(tm) when using those various services.
With wanting to save my password for Facebook in mind, I visited the Windows Vault and determined I don’t want to add a Windows Credential or some type of Certificate-Based Credential (e.g. smart-card). I click Add a Generic Credential and was presented with a piece of UI asking me for my username and password. Along with these usual suspects, however, I was asked for something that seemed alien to me – A Resource. In a panic, I scanned the UI for a help button but there was none to be found. It was just me, all alone, with these boxes.
Understanding the literal meaning of the word resource, I attempted to input quite a few values in here – URLs with and without http://, file paths, IPs, and even my favorite Ben & Jerry ice cream flavor – Nothing worked.
After fumbling around some more, I discovered Online IDs which populated my credential list with all sorts of meaningless information. Things like WindowsLive:(token):name=rafæl@withinwindows.com; serviceuri=windows_default_cred_slc and my Windows Live ID account.
In discussion with Paul Thurrott, we came to the conclusion this fancy new Windows Vault stuff was merely the never-used Stored Names and Passwords feature from Windows Vista, painted over with some heavy lipstick and given a weird brand name.
Questions in my head: Why would one bring such a internal component driven feature closer to surface? How would a normal user use this feature? Were drugs involved?
Is it documented by Microsoft? If not, they’ll probably face heat about it anyway if 7 goes RTM with this thing in tact.
(read: you’ll probably learn more about this when you’re given a reviewer’s license of 7 right before release)
For what it’s worth, this is the new UI for the Credential Management API first introduced with Windows XP. You can read more about it in my article here:
http://msdn.microsoft.com/en-us/library/aa480470.aspx
Thanks for making me crave ice cream at 8 in the morning! :-D
Yeah it’s only a glorified “Stored user names and passwords”. The resource is either a computer name or URL. Of course the bad part is the URL/site has to make use of the CredMan API (sites which use this cool UI=> http://i.msdn.microsoft.com/Aa480470.credmgmt_02(en-us,MSDN.10).gif) only then is the stored password used/filled there. Instead, if MS did a simple integration of this vault thingie with IE’s password manager, what we’d get is Keychain on OS X. But then again, Windows has always been enterprisey and Macs consumerish. Maybe someone at MS can write a plugin/connector that tied IE’s password manager to this. IE doesn’t even use PStore anymore so it’s difficult? Or some fingerprint device’s password manager ties to this one to store the passwords here and auto-fill them in IE? That would be awesome.
What are the other two?
you know, i actually had to use that feature.
i had to manually add my exchange server password there for outlook, because the wrong address is stored there by default (local server address instead of the remote address)
[...] Windows experts Paul Thurrott and Rafael Rivera have been peeling back the covers on Windows 7. Underneath the surface, they’ve discovered a few features that Microsoft hasn’t detailed and disclosed, including something called the Windows Vault. [...]
I actually use the Credential Manager on a daily basis. It is really nice if you administer multiple domains and have the same username and different passwords on different networks. The Credential Manager will override the shadow password feature to prevent your account from getting locked out, etc.
[...] I have no idea why these two items, and others I can’t remember were there to begin with, or why they where removed – however they were not the only confusingly hidden ‘feature’. [...]
[...] I have no idea why these two items, and others I can’t remember were there to begin with, or why they where removed – however they were not the only confusingly hidden ‘feature’. [...]
[...] Manager and Windows Vault Last week, our friends Paul Thurrott and Rafael Rivera explored one of the untold mysteries (according to them) of Windows 7 – Windows [...]
[...] this topic.Powered by WP Greet BoxLast week, our friends Paul Thurrott and Rafael Rivera explored one of the untold mysteries (according to them) of Windows 7 – Windows [...]
That’s really weird and I’m waiting for you to dig a bit deeper into that :)
It makes a lot of sense to have this feature if it’s done well. MacOSX is a lot better for it (Keychain) certainly.
As an aside: Macs “consumerish”, PC’s “enterprisey”? There’s nothing consumerish about having UNIX (the certified variety) as your desktop OS core.
@Dylan: Having iCandy and cowbell apps does.
This is actually for lets say, corperate users, like me – we have got a certificate based Network authentication and i dont want to join the domain – i exported the certificate, when I was on the domain, imported it after i left it and set it as authentication for the two servers… also if you use IP proxy servers you can use it ;)
[...] permanent credential. Its not a full-fledged credential manager like Keychain (OS X), which can get confusing. Still pretty cool that there finally is a secure solution to my [...]
I love the “(26 printed pages)” remark … @ http://msdn.microsoft.com/en-us/library/aa480470.aspx
btw… i think drugs were involved.