[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Losing cached credentials in XP

Posted on 2004-04-02
7
Medium Priority
?
596 Views
Last Modified: 2012-06-22
When logging into a folder on a remote server (Win 2003), how can I prevent XP from remembering the credentials so I can log on as another user to that folder seconds/minutes later? Currently I have been loging off and back into XP, but this is a bit tedious, I'm sure there is a better way!

Steve
0
Comment
Question by:free2get
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10740744
There isn't better way, it's a core function of windows Authentication, the tokens you are granted do not expire until you have logged off the PC that is storing them.  These tokens are stored in memory. You may be able to use the "net use" cmd to negoitiate a new token crediential as eluded to in this M$ article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;122422
Also in windows2003 this becomes an easy task for you: http://www.develop.com/kbrown/book/html/howto_logonuser.html
Net Use example that may accomplish your goal... I am not sure if you have 2 token's established to one folder, which one windows will use to permit you access.
net use p: \\<machine>\other_folder /user:free2get
GL!
-rich
0
 
LVL 11

Expert Comment

by:billwharton
ID: 10740757
Well, there isin't a registry key for doing that from the research I have done in the past. What you can do though is this:

Whenever you access a shared folder on another computer, this shows up in network maps.

Right click on 'my network places' on the desktop and choose 'disconnect network drive' and then disconnect the share you see in there. This way, it disconnects the netbios connection to the particular server. Wait a couple of seconds and try again and it should ask you for logon credentials this time.
0
 

Author Comment

by:free2get
ID: 10741161
I wasn't wanting to map the drive, so I'm not looking for a net use solution. The folder I'm accessing on the server isn't shared either, the user just has NT permissions to access via "\\servername\resource". The secondary user credentials I was wanting to log on with was to test NT security permissions to this folder. I guess I'll just have to accept that I can't circumvent the token system! Thanks for your imput though....was just trying to beat a small frustration I encountered when testing.

Steve
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 11

Expert Comment

by:billwharton
ID: 10741253
I know you aren't mapping the drive. Try the solution I talked about.

Even though you aren't actually mapping a drive but only access it by doing \\servername\share, it stil shows up there and can be disconnected!
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10741327
In 2003 you can though... the link I provided had a perl script that would do as you were asking... from the article: It returns a token that references the new logon session, and you can use this token to impersonate the user.
again, that article http://www.develop.com/kbrown/book/html/howto_logonuser.html his other links will help also http://www.develop.com/kbrown/book/html/whatis_protocoltransition.html

Also, net use  isn't to just "map" a drive, it will in fact add another token to your system. You can browse to that drive with the Mapped netuse drive, or by explorer. However I am not certain what token will be used when accessing that folder...
GL!
-rich
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 10741440
I should clarify, when you have token's on your machine, winblows will try to use all of them, before you'll be prompted for a u/p. So if you used net use and specified the user to use on the cmd line, you'll have this token #1.  If you accessed that folder with a different user/pass (token #2), then you use ntfs to lock out #2, and you try that share again, even though you locked out #2, you still have the token for #1, and you will be allowed. Runas may be able to help you also...

Highlight IE icon, hold shift and right-click then select RunAs... put in a different username and pasword, IE will then run as a different user (check with task manager)
you can then type \\whatever\whatever in the IE url bar, and connect that way with a different username and pass. You can shortcut that too, so all you have to do is enter the username and pass read here: http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_runas_shortcut.asp

I should of mentioned this earlier.
-rich
0
 

Author Comment

by:free2get
ID: 13610787
Sorry Rich, I should have awareded you these points much earlier! I'm tidying up my questions and realised it was still open. Although the other solutions were adequate yours has been the one I have been using ever since. As I said at the outset I was looking for something flexible and least tedious. It's simple and it works.

Steve
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
What we learned in Webroot's webinar on multi-vector protection.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question