Solved

Disabling caching of file share access credentials

Posted on 2011-09-19
3
299 Views
Last Modified: 2012-05-12
When users make a VPN connection into our network, they can see the file shares even though they are not logged into the domain.  To access a file share they should be prompted for user name/password.  The first time a user connects from a given computer, the usr/pwd prompt comes up but not for subsequent attempts to access to the same share.   The problem that comes up is that if a different user makes a new VPN connection for the same computer, he is able to access the share without entering usr/pwd because the first users credentials are cached and submitted.  Since the first user may have access to a share that the second user should not, this is a major problem.

I have been searching for a setting at the server level to cause all share accesses to require a password, or at least set a timeout afterwhich credentials must be reentered.  As I understand, GPO won't help in this situation becuase the users do not log into the domain.

Any know how to disable or limit this caching with a server setting?
0
Comment
Question by:dougmacgregor1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 36567714
Disable Password Caching
http://www.pctools.com/guides/registry/detail/124/

Think this one still works post XP....

Disable Storage of Credentials and .NET Passwords
http://www.pctools.com/guides/registry/detail/124/

Are these systems sharing a User account? If they are, individual user accounts would render this a moot issue, as 1 user's credentials for a share are stored in their own storage, and are not visible to another user account.....

Oh, and these are CLIENT side changes....
0
 

Author Comment

by:dougmacgregor1
ID: 36589375
My various researches into this indicate that there is no server-side setting outside of GPO to do what I want.  So I have an answer that I can go forward with.  johnb6767's links are right on as far as dealing with it on the client side so I am accepting his solution.
0
 

Author Closing Comment

by:dougmacgregor1
ID: 36589388
Solution was as complete as possible, since only a partial solution to my original need exists.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question