?
Solved

Force Windows to challenge for Credentials

Posted on 2012-03-21
8
Medium Priority
?
725 Views
Last Modified: 2012-08-14
Hi,

Does anyone now how to force windows explorer in Windows 7 to challenge for Credentials when the currently logged on user doesn't have access to a resource?

We have several meeeting rooms here and I want to use a single logon account for these rooms, but don't want to give that Meeting Room acocunt access to all network shares

Currently when I try to access a drive that it doens't have access to I just get the standard "Acccess Denied" message....

Thanks
0
Comment
Question by:MOSADMIN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 37750436
Not a good idea - even if you could get it to work there is the danger of the tokens being cached effectively allowing anyone to access the files someone else has provided the credentials for - just get people to log on normally with their own username/password - that's how a domain is designed to work
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 37750513
Shared accounts are typically not a good idea in terms of security, so perhaps there is another solution to the same problem. You can easily place a meeting room account in a deny list on a share or even a server:
http://technet.microsoft.com/en-us/library/cc947795%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc753064%28v=ws.10%29.aspx
Share ACL's and NTFS ACL's work in tandem with each other, which ever has the most restrictive permission, is the one that is applied to that share. I recommend setting shares to "Everyone Full Control" and use NTFS to make restrictions, that way it applies at the computer level as well as the share level.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/file_srv_bestpractice.mspx (still applies to current OS's)
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 37750518
I take that back, not full control, but read, then from that point inside the share they are subject to the NTFS permissions http://technet.microsoft.com/en-us/library/cc753731.aspx
-rich
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:MOSADMIN
ID: 37751650
Ok, fair point so shared user accounts are not best practice.....

Do you know then how I would be able to get a shared Meeting Room calendar to open on the meetings room PC when a user logs on (but only when they log on to that particular PC)?

I've formatted a URL using Outlook Web Parts so that I can have the Calendar open up in IE as soon as the MeetingRoom user logs on (using Windows Credential Manager to store the logon details) but if individual users are logging onto meeting rooms PCs then they wouldn't have these stored credentials so would be challenged to logon to the Mailbox when the URL opens

Not a big deal I know but in the interests of not having to give people more credentials to remember I'd like to be able to automate this...

Thanks
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 37751810
Can you add a short-cut to the URL to the "startup" folder instead?
C:\Documents and Settings\All Users\Start Menu\Programs\Startup (for XP/vista/2003)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (for win7/2008)
We used to do this with a few computers in the training room, adding the iexplore.exe -k switch to the URL's to open IE in kiosk mode. Then we started using the Shared computer toolkit for XP: http://technet.microsoft.com/en-us/library/cc507835.aspx
It may have more features like your looking for, it's not as easy for windows 7 however. XP could also use "Steady State" however it's not compatible with windows 7 however most features do seem to be included:http://www.microsoft.com/download/en/details.aspx?id=24373
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 37751814
disregard, wrong question :(
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 37751821
OMG haha... I need to sleep, disregard my very last comment only :)
-rich
0
 

Author Comment

by:MOSADMIN
ID: 37756173
Haha....it's ok, I was a bit confused at first!

OK so shared user accounts are a bad idea, point taken...

I think I need to raise a new question then about storing credentials for a website across multiple logon accounts then

Thanks for your help

Mike
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question