There is a security policy setting that does specifically what I am looking for: Network access: Do not allow storage of passwords and credentials for network authentication. By enabling this setting, VPN credentials are not stored and therefore are not used to attempt to authenticate to network resources like shared files and Exchange.

Since the issue only affects domain-member workstations, applying this setting to all of them is a simple matter of setting it with Group Policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>