Disabling (and Clearing) Browser Password Managers with PowerShell

When deploying a password manager, one of the first things you'll want to do is disable the built-in password manager in your browsers. This is a pretty simple task, but one that's easy to forget. It's also a good idea to clear out any passwords that were saved in the browser before you deployed your password manager.

We automate this for the two browsers we support on managed Windows devices (Edge and Firefox) using PowerShell. Here's how we do it.

Edge

For Edge we're going to set the PasswordManagerEnabled registry value under HKLM:\SOFTWARE\Policies\Microsoft\Edge to 0. This will disable the password manager for all users on the device.

Then we're going to clear out any passwords that may have been saved by deleting the contents of the Login Data file in the user's Edge profile. We'll do this by removing the file entirely.

Now, in some cases you only want to do the first part (disabling the password manager) and not the second (clearing out any saved passwords). For that reason the script functionality is controlled with two switch parameters: -DisablePasswordManager and -RemoveExistingPasswords. If you run the script without either of these switches, it will do nothing.

Application%20Configuration/EdgePasswordManagerConfig.ps1

Firefox

For Firefox we're going to set the PasswordManagerEnabled registry value under HKLM:\SOFTWARE\Policies\Mozilla\Firefox to 0. This will disable the password manager for all users on the device.

Then we're going to clear out any passwords that may have been saved by deleting the contents of the logins.json file in the user's Firefox profile and any key*.db files. We'll do this by removing the files entirely.

Now, in some cases you only want to do the first part (disabling the password manager) and not the second (clearing out any saved passwords). For that reason the script functionality is controlled with two switch parameters: -DisablePasswordManager and -RemoveExistingPasswords. If you run the script without either of these switches, it will do nothing.

Application%20Configuration/FirefoxPasswordManagerConfig.ps1

As we don't use Chrome, Opera or Safari, we don't have scripts for those browsers. However, for other Chromium-based browsers a similar approach to Edge should work. It is possible to do this with Safari on macOS as well, but we haven't yet scripted it.
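
One way to implement the approach described in the Edge and Firefox sections above, as an added example that is not the author's EdgePasswordManagerConfig.ps1 or FirefoxPasswordManagerConfig.ps1. The -Browser parameter, the default per-user profile locations under Users\*, and the choice to skip a browser that is still running are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [ValidateSet('Edge', 'Firefox')]
    [string[]]$Browser = @('Edge', 'Firefox'),   # assumption: not a parameter from the article
    [switch]$DisablePasswordManager,
    [switch]$RemoveExistingPasswords
)

# Policy keys and credential-store file names are the ones named in the article.
# The profile paths are the Windows defaults (an assumption of this example).
$Config = @{
    Edge = @{
        PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
        Process   = 'msedge'
        Stores    = @('AppData\Local\Microsoft\Edge\User Data\*\Login Data')
    }
    Firefox = @{
        PolicyKey = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
        Process   = 'firefox'
        Stores    = @('AppData\Roaming\Mozilla\Firefox\Profiles\*\logins.json',
                      'AppData\Roaming\Mozilla\Firefox\Profiles\*\key*.db')
    }
}

foreach ($name in $Browser) {
    $cfg = $Config[$name]
    if ($DisablePasswordManager) {
        # Machine-wide policy: PasswordManagerEnabled = 0 (DWORD) applies to every user.
        if (-not (Test-Path $cfg.PolicyKey)) { New-Item -Path $cfg.PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $cfg.PolicyKey -Name 'PasswordManagerEnabled' -Value 0 -Type DWord
    }
    if ($RemoveExistingPasswords) {
        # A running browser holds its credential store open; skip instead of failing midway.
        if (Get-Process -Name $cfg.Process -ErrorAction SilentlyContinue) {
            Write-Warning "$name is running; saved passwords were not removed."
            continue
        }
        foreach ($glob in $cfg.Stores) {
            # Expand the pattern across every local user profile and every browser profile.
            Get-Item -Path "$env:SystemDrive\Users\*\$glob" -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer } |
                Remove-Item -Force   # honours -WhatIf through SupportsShouldProcess
        }
    }
}
```

Running it with -RemoveExistingPasswords -WhatIf first lists the files that would be deleted without touching them.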