Network Access to Shares is Too Persistent

Posted on 2000-02-22
Last Modified: 2013-12-28
Using   Windows NT Explorer   to ramble through   Network Neighborhood   I can access shares created on various systems.  For some shares I need to go through the   Enter Network Password   dialog.  If I gain access this way there does not appear to be a way to terminate the access, i.e. subsequent times that I logon to the local machine I will have access to the shares that I logged in to previously.  (This is different from mapping a drive letter where I can use   Disconnect Network Drive...  to sever the connection.)  How can I break this connection so that another network logon is required?
Question by:unlikelyloginname
  • 2
  • 2
  • 2
  • +1

Accepted Solution

shibu020500 earned 200 total points
Comment Utility
Hi Unlikely,
            If u do not want to get the shares of a PC which u got after going thru this "Enter Network Password" Dialog box, u can go to the command prompt and type in
 u would see a list of shares and the drive letters mapped to it
 Out of that u can see \\machine_name\IPC$ entry which is enabling this access to the the shared resource of the PC to which u haven't mapped any drive letter.
U can delete this by using this command..
NET USE \\mach_name\IPC$ /delete
which would end the session and prompt u for a username and password next time u try to access the share.
If u want to remove all the shares u can use
NET USE * /delete
u could probably put it in a batch file to easen the job:-)
These connections are for a short period and are called deviceless connections.

             Good Luck
LVL 63

Expert Comment

Comment Utility
Once you have accessed a share , the password is stored locally. So the next time you access it, you may not be required to enter a password. You could delete the *.pwl file if you want. Normally in the windows dir.
I hope this helps.
LVL 23

Expert Comment

by:Tim Holman
Comment Utility
Windows NT Explorer will map shares persistently.
The only way to change this is to unmap the shares (net use /d) or remove the persistent status of the share via the registry.
Why do you want to 'break' the connection ?
Are you using the same username and password to logon ?
This all sounds like default behaviour to me.
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.


Author Comment

Comment Utility
Curiouser and curiouser.

The client side shows a connection to   \\MyMachine\IPC$   when the share is in use.  It reconnects automatically after being broken with   NET USE \\MyMachine\IPC$ /d .  (Or after being disconnected by the server side using Server Administrator.)  I want to prevent automatic reconnection without forcing another network login.

There are several reasons that I'm mucking with this:

Curiosity.  Who is keeping track of the access that was granted long ago?  Is it hiding in the registry by SID?

A concern about security.  I deleted a share to which the client machine had access and later created a new share with the same name.  The client had access to the new share without performing a network login.  As an old (Eh?) system manager I would like to be able to look at the list of things that are "preauthorized", whether or not they currently exist, so that I can avoid creating something that I think is protected only to find that some old certificate somewhere is still valid.

The ability to tidy up loose ends.  I have made the mistake of using the browser, and a network login, rather than mapping a drive in order to help someone get a file.  Disconnecting a mapped drive is easy, but I can't seem to disable access that was obtained while browsing.
LVL 23

Expert Comment

by:Tim Holman
Comment Utility
IPC$ connections are normal - they represent accesses to files that don't have a drive mapped to them.
So - if you're browsing through explorer, you'll get IPC connections for each seperate server you browse.
Even if you've already got a drive mapped to that server.

What's happening here should not affect security.

That boils down to NTFS permissions - if they're secure and in place, nothing can get past them (at least from a user's point of view :) ).

An IPC connection will be made to ALL servers the worksation access (including the PDC or BDC whenever they log on).

It seems a little mysterious that deleting a shared directory and recreating it retains NTFS permissions, as they're attached to the directory itself.

Are you sure this is the case ?

If you just delete the SHARE, then this would happen.  If you delete the SHARE+DIRECTORY, it shouldn't !

You have to make sure you apply NTFS permissions BEFORE you share the directory.

Hope this helps.


Expert Comment

Comment Utility
Hi ,
    It seems to me my answer didn't satisfy you :-) . Anyway that was the answer to your query. Once using net use u r disconnecting a share , when u attempt to reconnect it would defenitely ask for a username and password ( only if the SID which u have used to login to the client PC is not present in the server)

U can check the status of ur share ( all shares to which u r connected )
using NET  USE command ...For the disconnected share it would be DISCONNECTED else OK

Now coming to the shares , When u share anything , the Computer Browser Service just broadcast the information throughout the network . This is  why u can see ur server shares from a client PC.
When a user Logs in , the NETLOGON service and Local Security Authority of the Server would verifying the user's info in the Security Accounts Manager Database . If his info is present he would be allowed to Login.

Coming to accessing resources ,the user would be given KEYS to the SHARES to which he is permitted to access. This you configure in the shares
Ex: DATA folder is shared .( remember , in NT by default it is Everyone Fullcontrol) . Since it is shared it's info would be broadcasted on the Network. And users like you and me see it from the NetNeighborhood. When u double click or try to access the share your SID passed on to the server to check whether (1) your account is present in the SAM database and (2) you have been permitted to access ( Default --> FullControl) , if yes u can see the contents and perform other operations.
Now if I stop the sharing and delete the folder and create another folder with a different name but SHARE it with the SAME name , naturally it would appear in Netneighborhood and when you access it ,ur Username would be checked as mentioned before and if accepted would be allowed to access.

To avoid such things share a folder only for those users who are meant to access it, remove the default ( Everyone--FullControl)Also as Tim Holman mentioned u can use NTFS permissions which again , by default, allows everyone.

  In brief , there is nothing in sharenames ,it is the accesslist which is associated with a share  more important.

  I believe this might have clarified most of your doubts
                  Good Luck

Author Comment

Comment Utility
It seems that I missed a fundamental feature of "security" in Windows NT.  Share permissions don't apply if the client user's username and password happen to match an account on the system offering the share.

When setting file protections there is always the feature of having to remember to include access for   Me   and   Domain\Me .  I assumed that being schizophrenic, or at least plural, would extend to shares.  If the share permission allows access to anyone authenticated as   Svengali   on the serving machine then they must explicitly ask the server to authenticate them.  In fact, if the client happens to be   Svengali   on their machine, and the passwords match, then access is granted implicitly.

Sorry that it took so long for this to sink in.

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

A few months ago I had an issue with LaserJet 1020 printer which was installed to XP and Windows 7.  It was installed to XP and working, but when I tried to connect from a Windows 7 PC, it would attempt connection and then fail.  Sometimes the Spool…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now