Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Losing cached credentials in XP

Posted on 2004-04-02
7
589 Views
Last Modified: 2012-06-22
When logging into a folder on a remote server (Win 2003), how can I prevent XP from remembering the credentials so I can log on as another user to that folder seconds/minutes later? Currently I have been loging off and back into XP, but this is a bit tedious, I'm sure there is a better way!

Steve
0
Comment
Question by:free2get
  • 3
  • 2
  • 2
7 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10740744
There isn't better way, it's a core function of windows Authentication, the tokens you are granted do not expire until you have logged off the PC that is storing them.  These tokens are stored in memory. You may be able to use the "net use" cmd to negoitiate a new token crediential as eluded to in this M$ article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;122422
Also in windows2003 this becomes an easy task for you: http://www.develop.com/kbrown/book/html/howto_logonuser.html
Net Use example that may accomplish your goal... I am not sure if you have 2 token's established to one folder, which one windows will use to permit you access.
net use p: \\<machine>\other_folder /user:free2get
GL!
-rich
0
 
LVL 11

Expert Comment

by:billwharton
ID: 10740757
Well, there isin't a registry key for doing that from the research I have done in the past. What you can do though is this:

Whenever you access a shared folder on another computer, this shows up in network maps.

Right click on 'my network places' on the desktop and choose 'disconnect network drive' and then disconnect the share you see in there. This way, it disconnects the netbios connection to the particular server. Wait a couple of seconds and try again and it should ask you for logon credentials this time.
0
 

Author Comment

by:free2get
ID: 10741161
I wasn't wanting to map the drive, so I'm not looking for a net use solution. The folder I'm accessing on the server isn't shared either, the user just has NT permissions to access via "\\servername\resource". The secondary user credentials I was wanting to log on with was to test NT security permissions to this folder. I guess I'll just have to accept that I can't circumvent the token system! Thanks for your imput though....was just trying to beat a small frustration I encountered when testing.

Steve
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 11

Expert Comment

by:billwharton
ID: 10741253
I know you aren't mapping the drive. Try the solution I talked about.

Even though you aren't actually mapping a drive but only access it by doing \\servername\share, it stil shows up there and can be disconnected!
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10741327
In 2003 you can though... the link I provided had a perl script that would do as you were asking... from the article: It returns a token that references the new logon session, and you can use this token to impersonate the user.
again, that article http://www.develop.com/kbrown/book/html/howto_logonuser.html his other links will help also http://www.develop.com/kbrown/book/html/whatis_protocoltransition.html

Also, net use  isn't to just "map" a drive, it will in fact add another token to your system. You can browse to that drive with the Mapped netuse drive, or by explorer. However I am not certain what token will be used when accessing that folder...
GL!
-rich
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 125 total points
ID: 10741440
I should clarify, when you have token's on your machine, winblows will try to use all of them, before you'll be prompted for a u/p. So if you used net use and specified the user to use on the cmd line, you'll have this token #1.  If you accessed that folder with a different user/pass (token #2), then you use ntfs to lock out #2, and you try that share again, even though you locked out #2, you still have the token for #1, and you will be allowed. Runas may be able to help you also...

Highlight IE icon, hold shift and right-click then select RunAs... put in a different username and pasword, IE will then run as a different user (check with task manager)
you can then type \\whatever\whatever in the IE url bar, and connect that way with a different username and pass. You can shortcut that too, so all you have to do is enter the username and pass read here: http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_runas_shortcut.asp

I should of mentioned this earlier.
-rich
0
 

Author Comment

by:free2get
ID: 13610787
Sorry Rich, I should have awareded you these points much earlier! I'm tidying up my questions and realised it was still open. Although the other solutions were adequate yours has been the one I have been using ever since. As I said at the outset I was looking for something flexible and least tedious. It's simple and it works.

Steve
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question