HOW TO
Instructions provided describe how to disable the Save Username and Password checkbox on the New Database Connection dialog box so that this setting cannot be persisted in database connection files. This prevents a user from connecting to data they should not have access to, even if they are provided with a database connection file.
In ArcGIS Pro, the default behavior is to allow saving of credentials within database connection files. Adding an entry to the registry disables this functionality.
Esri recommends against storing database-level credentials in SDE connection files. Instead, customers should utilize their operating system authentication pass-through (such as Active Directory), which means no credentials need to be stored in SDE with this configuration.
This recommendation is not based on factors such as the encryption strength of ArcGIS Pro's connection to a database. Instead, this recommendation is based upon a user's ability to distribute database connection files to other users, who would then be able to access the content under the connection creator's account credential context. Saving credentials in a database connection file precludes the possibility of non-repudiation. Strong access controls, such as those requiring the use of a centralized authentication and access control system like Active Directory or LDAP, can help mitigate this risk.
Regarding file transport concerns, please see the following information available on our ArcGIS Pro best practices page.
If you have similar questions in the future, please search the ArcGIS Trust Center, as much of this information is available there.
For additional questions or assistance with secure deployment scenarios, we recommend contacting Esri Professional Services, as we have many resources and options to assist with your requests.
Warning: The instructions below include making changes to essential parts of your operating system. It is recommended that you backup your operating system and files, including the registry, before proceeding. Consult a qualified computer systems professional, if necessary. Esri cannot guarantee results from incorrect modifications while following these instructions. Therefore, use caution and proceed at your own risk.
The availability of the Save Username and Password checkbox is determined via a Windows Registry setting.
Follow these steps to disable saving credentials in an SDE connection file:
Create a key called "DisableUsernamePasswordCheckBox" of type DWORD
Once completed you should see that the new connection files no longer prompt you with the option of saving credentials.
Get help from ArcGIS experts
Download the Esri Support App