Key Manager

The Key Manager component provides credential storage and management functionality.

This component provides the user with a more secure searchable store for credentials. If the user is part of a domain with roaming profiles, the credentials can be saved as part of that profile. This mechanism enables users to use this component anywhere they can access their profiles.


There are no services associated with this component.

Associated Components

No other components interact with this component.


There are no configurable settings for this component.


The credential manager uses two registry values to control per-machine policy.

The following table shows the registry values under the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key.

Registry valueTypeDescription
TargetInfoCacheSizeREG_DWORDSpecifies the number of entries in the target information cache. The credential manager manages a per-logon session cache of mappings from target name to target info. The CredGetTargetInfo function obtains its information from the cache. If this value is set too small, other applications running under the logon session can flush a cache entry before a cache entry can be used. If this value is set too large, an excessive amount of memory will be consumed. The default value is 1000 entries. The minimum value is 1.
DisableDomainCredsREG_DWORDSpecifies whether domain credentials CRED_TYPE_DOMAIN_* may be read or written on this computer. If this value is set to 0, domain credentials function as usual. If this value is set to 1, domain credentials cannot be written (a STATUS_NO_SUCH_LOGON_SESSION error message is returned to any API that attempts to write such a credential) or read (any such credential is silently ignored).

© 2006 Microsoft Corporation. All rights reserved.