Shared folders authinication


is there a way to ask for authentication when a user clicks on a shared folder.

im working in a hospital. we have given the nurses common account  in the wards/ Clinics PCs.

lots of doctors & nurses use these PCs for checking their emails through OWA.

some of them have their own shared folders. and to access them , they are required to log off the common account, then log on with their accounts, check their mapped folders and then log off again and log on with the common account to allow others to use the PCs.

this floods the PCs , sometimes, with more than 30 profiles .

is there a way to re ask for authentication on the folder level.

 that is , when a user logged on using a common account , and clicks on  a mapped shared folder, an authentication window should pop up and if he puts the correct credentials of the folder privileged users/groups  , the folder should open.

all of these folders are on windows 2003 R2 server.

hope the point is clear, thanks a lot in advance.

Who is Participating?

Unfortunately not. Windows works on a single-sign on model, whereby if the currently logged in user's account does not have permissions to the resource they are accessing, the request will be automatically denied. Logon/Logoff to the user's main account is the most appropriate way to do this.

If you are using Roaming Profiles, you can configure these such that the copy of the profile is removed from the machine at logoff:

I agree; Windows doesn't work that way.  There is probably some 3rd party software solutions that could do this, but I have no idea.
Now depending on how much you really want this to work, here's some ideas:

You could create a public folder in Exchange and move the necessary files to there.
You could move the files to a WORKGROUP or NAS that doesn't attach to the domain.
You could move the files to new shares on a workgroup computer.
You could create a Remote Desktop solution using Windows Remote Desktop, or plenty of 3rd party ones to let the user remote onto which server/computer these shares are on.
Create a VMWare Server with a VM to behave like the workgroup one above, or heck even just to act like a machine on the other domain, then remote into it as your other login name.
-- All of these options would allow/require the user to enter a logon at that time.
You could try using a runas script like this:
runas /u:otherdomain\otheruser explorer
This will open Windows explorer, but under the identity of the local user account chosen.  Then try typing the UNC name into the address bar.  I haven't got the facility to test this at the mo, but it's possible it'll work.  I did this frequently with local accounts, but not with domains.
I support that too.  I think tiger answered it and then I offered workarounds.  So #4 split between 1st 2 posts.
Thanks for returning, I appreciate it. Concur - #4 split between http:#a24180192 and http:#a24180280
sketbiAuthor Commented:
thanks alot i will try one of these tips
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.