There is a security policy setting that does specifically what I am looking for: Network access: Do not allow storage of passwords and credentials for network authentication. By enabling this setting, VPN credentials are not stored and therefore are not used to attempt to authenticate to network resources like shared files and Exchange.
Since the issue only affects domain-member workstations, applying this setting to all of them is a simple matter of setting it with Group Policy.
Leave a Reply