
Description

Since WebCenter 18.1, WebCenter Administrators can enable or disable prepopulation of the user credential fields by the browser. Depending on the configuration of the application, these fields are shown to the user at approval submission and/or task completion time, as well as on the login page.

All modern browsers have a "Password Management tool" that lets users store their username and password values for specific sites. This also applies to WebCenter. The option to disable prepopulating the username and password was added with security implications in mind: the customer can make users always type their credentials manually, to prevent unwanted access to the system by intruders.

Even if the option to prepopulate the fields is disabled and the fields are initially left empty, most browsers still let the user fill them with values the browser has already remembered when one of the two fields is clicked (every browser has its own solution for this behavior, based on its password manager implementation). The WebCenter application cannot prevent this, as it is native behavior of the browser itself.

Procedure

To make sure the browser's Password Management tool never allows such easy ad hoc prepopulating of the user credential fields, the customer's IT department should apply a Group Policy countermeasure.

Disable Password Caching for Internet Explorer (IE)

These instructions are specific to Windows Server 2012, but may be applied similarly in Windows Server 2008.

To disable the caching of passwords and auto-completion of usernames and passwords used in IE from the Group Policy Management Editor:

  1. Browse to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer.
  2. Disable the option “Turn on the auto-complete feature for user names and passwords.”
  3. This will also prevent users from re-enabling the setting.

Restrict Password Caching in Mozilla Firefox

Locking down settings in Firefox requires use of a third-party extension. One extension that we tested is called FirefoxADM, which provides adm files that add the ability to configure Firefox settings through Windows Group Policy. However, this only seemed to work with older versions of Firefox. Other extensions and tools exist, but they are not officially supported by Microsoft for use in a Windows environment.

Disable Password Caching in Google Chrome for Business

Google Chrome for Business allows for policies relating to Google Chrome to be defined at either user or device level.

To disable the Google Chrome Password Manager at the user level:

  1. Log on to the Google Admin console.
  2. Navigate to the Settings menu and select User Settings.
  3. Select an OU.
  4. Under the Security settings, disable Password Manager.

You can disable the Google Chrome Password Manager at the device level through Windows GPO by doing the following:

  1. Add two REG_DWORD values to the Windows registry at HKEY_LOCAL_MACHINE\Software\Policies\Chrome called PasswordManagerEnabled and PasswordManagerAllowShowPasswords.
  2. Set their value to 0x00000000.
  3. Disabling the Password Manager takes away the users’ ability to enable the “Offer to save passwords I enter on the web” setting in Chrome.
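
To confirm the device-level setting described above has landed on a machine, the following PowerShell audit is an added example (not part of the original article and not Esko's or Google's code). It reports whether the two values are present as REG_DWORD and set to 0. The second key path, HKLM:\Software\Policies\Google\Chrome, is an assumption not taken from this article: it is the key Chrome's own policy templates write to, so both locations are checked.

```powershell
# Added example: audit the two Chrome policy values named in the steps above.
# Key paths are assumptions: the first is the path as this article gives it,
# the second is the key that Chrome's policy templates use.
$candidateKeys = @(
    'HKLM:\Software\Policies\Chrome',
    'HKLM:\Software\Policies\Google\Chrome'
)
$valueNames = 'PasswordManagerEnabled', 'PasswordManagerAllowShowPasswords'

function Get-ChromePasswordPolicyState {
    param([string[]]$KeyPath, [string[]]$ValueName)

    foreach ($key in $KeyPath) {
        foreach ($name in $ValueName) {
            $state = 'Missing'; $data = $null
            if (Test-Path -LiteralPath $key) {
                $regKey = Get-Item -LiteralPath $key
                if ($regKey.GetValueNames() -contains $name) {
                    $data = $regKey.GetValue($name)
                    $kind = $regKey.GetValueKind($name)
                    # A value of the wrong type is reported separately from a nonzero DWORD.
                    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                        $state = "WrongType($kind)"
                    } elseif ($data -eq 0) {
                        $state = 'Disabled'
                    } else {
                        $state = 'NotDisabled'
                    }
                }
            }
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data; State = $state }
        }
    }
}

$report = Get-ChromePasswordPolicyState -KeyPath $candidateKeys -ValueName $valueNames
$report | Format-Table -AutoSize

# A key passes only when every listed value is present as a DWORD set to 0.
$compliant = $report | Group-Object Key | Where-Object {
    -not ($_.Group | Where-Object State -ne 'Disabled')
}
if ($compliant) { "Both values are set to 0 under: $($compliant.Name -join ', ')" }
else { Write-Warning 'Neither key has both values present as REG_DWORD set to 0.' }
```

On a managed machine, chrome://policy lists the policies the browser actually loaded, which shows whether the values were picked up.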

Disable Password Manager in Microsoft Edge

For Server 2012 and 2016, the Microsoft Edge group policy settings may not be available. If they aren’t, you can copy the files from C:\Windows\PolicyDefinitions to the server to merge them and get the Policy Settings for Microsoft Edge.

You can also download them from Microsoft here: microsoft.com/en-us/download/confirmation.aspx?id=53430.


To disable the Password saving and auto-completion of forms in the Group Policy Management Editor:

  1. Browse to User Configuration > Policies > Administrative Templates > Windows Components > Microsoft Edge.
  2. Disable the “Configure Password Manager” and “Configure Autofill” policies.
  3. This will prevent users from saving passwords in Edge or enabling the setting to do so.

More information

More details about how to deploy such measures are described at the following link: https://thycotic.com/company/blog/2013/09/09/securing-web-browsers-through-group-policy/

Article information
Applies to

WebCenter 18.1 and newer

Author: JAMI