Solved

Losing cached credentials in XP

Posted on 2004-04-02
7
587 Views
Last Modified: 2012-06-22
When logging into a folder on a remote server (Win 2003), how can I prevent XP from remembering the credentials so I can log on as another user to that folder seconds/minutes later? Currently I have been loging off and back into XP, but this is a bit tedious, I'm sure there is a better way!

Steve
0
Comment
Question by:free2get
  • 3
  • 2
  • 2
7 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10740744
There isn't better way, it's a core function of windows Authentication, the tokens you are granted do not expire until you have logged off the PC that is storing them.  These tokens are stored in memory. You may be able to use the "net use" cmd to negoitiate a new token crediential as eluded to in this M$ article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;122422
Also in windows2003 this becomes an easy task for you: http://www.develop.com/kbrown/book/html/howto_logonuser.html
Net Use example that may accomplish your goal... I am not sure if you have 2 token's established to one folder, which one windows will use to permit you access.
net use p: \\<machine>\other_folder /user:free2get
GL!
-rich
0
 
LVL 11

Expert Comment

by:billwharton
ID: 10740757
Well, there isin't a registry key for doing that from the research I have done in the past. What you can do though is this:

Whenever you access a shared folder on another computer, this shows up in network maps.

Right click on 'my network places' on the desktop and choose 'disconnect network drive' and then disconnect the share you see in there. This way, it disconnects the netbios connection to the particular server. Wait a couple of seconds and try again and it should ask you for logon credentials this time.
0
 

Author Comment

by:free2get
ID: 10741161
I wasn't wanting to map the drive, so I'm not looking for a net use solution. The folder I'm accessing on the server isn't shared either, the user just has NT permissions to access via "\\servername\resource". The secondary user credentials I was wanting to log on with was to test NT security permissions to this folder. I guess I'll just have to accept that I can't circumvent the token system! Thanks for your imput though....was just trying to beat a small frustration I encountered when testing.

Steve
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 11

Expert Comment

by:billwharton
ID: 10741253
I know you aren't mapping the drive. Try the solution I talked about.

Even though you aren't actually mapping a drive but only access it by doing \\servername\share, it stil shows up there and can be disconnected!
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10741327
In 2003 you can though... the link I provided had a perl script that would do as you were asking... from the article: It returns a token that references the new logon session, and you can use this token to impersonate the user.
again, that article http://www.develop.com/kbrown/book/html/howto_logonuser.html his other links will help also http://www.develop.com/kbrown/book/html/whatis_protocoltransition.html

Also, net use  isn't to just "map" a drive, it will in fact add another token to your system. You can browse to that drive with the Mapped netuse drive, or by explorer. However I am not certain what token will be used when accessing that folder...
GL!
-rich
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 125 total points
ID: 10741440
I should clarify, when you have token's on your machine, winblows will try to use all of them, before you'll be prompted for a u/p. So if you used net use and specified the user to use on the cmd line, you'll have this token #1.  If you accessed that folder with a different user/pass (token #2), then you use ntfs to lock out #2, and you try that share again, even though you locked out #2, you still have the token for #1, and you will be allowed. Runas may be able to help you also...

Highlight IE icon, hold shift and right-click then select RunAs... put in a different username and pasword, IE will then run as a different user (check with task manager)
you can then type \\whatever\whatever in the IE url bar, and connect that way with a different username and pass. You can shortcut that too, so all you have to do is enter the username and pass read here: http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_runas_shortcut.asp

I should of mentioned this earlier.
-rich
0
 

Author Comment

by:free2get
ID: 13610787
Sorry Rich, I should have awareded you these points much earlier! I'm tidying up my questions and realised it was still open. Although the other solutions were adequate yours has been the one I have been using ever since. As I said at the outset I was looking for something flexible and least tedious. It's simple and it works.

Steve
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now