Solved

Losing cached credentials in XP

Posted on 2004-04-02
7
586 Views
Last Modified: 2012-06-22
When logging into a folder on a remote server (Win 2003), how can I prevent XP from remembering the credentials so I can log on as another user to that folder seconds/minutes later? Currently I have been loging off and back into XP, but this is a bit tedious, I'm sure there is a better way!

Steve
0
Comment
Question by:free2get
  • 3
  • 2
  • 2
7 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10740744
There isn't better way, it's a core function of windows Authentication, the tokens you are granted do not expire until you have logged off the PC that is storing them.  These tokens are stored in memory. You may be able to use the "net use" cmd to negoitiate a new token crediential as eluded to in this M$ article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;122422
Also in windows2003 this becomes an easy task for you: http://www.develop.com/kbrown/book/html/howto_logonuser.html
Net Use example that may accomplish your goal... I am not sure if you have 2 token's established to one folder, which one windows will use to permit you access.
net use p: \\<machine>\other_folder /user:free2get
GL!
-rich
0
 
LVL 11

Expert Comment

by:billwharton
ID: 10740757
Well, there isin't a registry key for doing that from the research I have done in the past. What you can do though is this:

Whenever you access a shared folder on another computer, this shows up in network maps.

Right click on 'my network places' on the desktop and choose 'disconnect network drive' and then disconnect the share you see in there. This way, it disconnects the netbios connection to the particular server. Wait a couple of seconds and try again and it should ask you for logon credentials this time.
0
 

Author Comment

by:free2get
ID: 10741161
I wasn't wanting to map the drive, so I'm not looking for a net use solution. The folder I'm accessing on the server isn't shared either, the user just has NT permissions to access via "\\servername\resource". The secondary user credentials I was wanting to log on with was to test NT security permissions to this folder. I guess I'll just have to accept that I can't circumvent the token system! Thanks for your imput though....was just trying to beat a small frustration I encountered when testing.

Steve
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 11

Expert Comment

by:billwharton
ID: 10741253
I know you aren't mapping the drive. Try the solution I talked about.

Even though you aren't actually mapping a drive but only access it by doing \\servername\share, it stil shows up there and can be disconnected!
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10741327
In 2003 you can though... the link I provided had a perl script that would do as you were asking... from the article: It returns a token that references the new logon session, and you can use this token to impersonate the user.
again, that article http://www.develop.com/kbrown/book/html/howto_logonuser.html his other links will help also http://www.develop.com/kbrown/book/html/whatis_protocoltransition.html

Also, net use  isn't to just "map" a drive, it will in fact add another token to your system. You can browse to that drive with the Mapped netuse drive, or by explorer. However I am not certain what token will be used when accessing that folder...
GL!
-rich
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 125 total points
ID: 10741440
I should clarify, when you have token's on your machine, winblows will try to use all of them, before you'll be prompted for a u/p. So if you used net use and specified the user to use on the cmd line, you'll have this token #1.  If you accessed that folder with a different user/pass (token #2), then you use ntfs to lock out #2, and you try that share again, even though you locked out #2, you still have the token for #1, and you will be allowed. Runas may be able to help you also...

Highlight IE icon, hold shift and right-click then select RunAs... put in a different username and pasword, IE will then run as a different user (check with task manager)
you can then type \\whatever\whatever in the IE url bar, and connect that way with a different username and pass. You can shortcut that too, so all you have to do is enter the username and pass read here: http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/windows_security_runas_shortcut.asp

I should of mentioned this earlier.
-rich
0
 

Author Comment

by:free2get
ID: 13610787
Sorry Rich, I should have awareded you these points much earlier! I'm tidying up my questions and realised it was still open. Although the other solutions were adequate yours has been the one I have been using ever since. As I said at the outset I was looking for something flexible and least tedious. It's simple and it works.

Steve
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now