Disabling caching of file share access credentials
When users make a VPN connection into our network, they can see the file shares even though they are not logged into the domain. To access a file share they should be prompted for user name/password. The first time a user connects from a given computer, the usr/pwd prompt comes up but not for subsequent attempts to access to the same share. The problem that comes up is that if a different user makes a new VPN connection for the same computer, he is able to access the share without entering usr/pwd because the first users credentials are cached and submitted. Since the first user may have access to a share that the second user should not, this is a major problem.
I have been searching for a setting at the server level to cause all share accesses to require a password, or at least set a timeout afterwhich credentials must be reentered. As I understand, GPO won't help in this situation becuase the users do not log into the domain.
Any know how to disable or limit this caching with a server setting?
Are these systems sharing a User account? If they are, individual user accounts would render this a moot issue, as 1 user's credentials for a share are stored in their own storage, and are not visible to another user account.....
Oh, and these are CLIENT side changes....
0
dougmacgregor1Author Commented:
My various researches into this indicate that there is no server-side setting outside of GPO to do what I want. So I have an answer that I can go forward with. johnb6767's links are right on as far as dealing with it on the client side so I am accepting his solution.
0
dougmacgregor1Author Commented:
Solution was as complete as possible, since only a partial solution to my original need exists.
0
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
http://www.pctools.com/guides/registry/detail/124/
Think this one still works post XP....
Disable Storage of Credentials and .NET Passwords
http://www.pctools.com/guides/registry/detail/124/
Are these systems sharing a User account? If they are, individual user accounts would render this a moot issue, as 1 user's credentials for a share are stored in their own storage, and are not visible to another user account.....
Oh, and these are CLIENT side changes....