• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 843
  • Last Modified:

Have Windows Prompt for Password when Accessing Network Share -- Windows Domain

I want to be able to go to "Run" and type in a UNC path then have it prompt me for credentials (assuming credentials aren't already saved. I know that I can just map and disconnect network drives to accomplish this, but I want this to be able to be a quick operation as needed. I tried a batch file with:
runas /user:USER explorer.exe
which got me to an explorer window where I could type in a UNC path. It was working for a few minutes and now is no longer workiing.
0
jpfulton
Asked:
jpfulton
  • 7
  • 6
  • 4
  • +2
4 Solutions
 
NVITCommented:
...is no longer workiing.
What's not working... runas...Explorer?
0
 
jpfultonAuthor Commented:
What I'd really like is to just pop up the "Run" window and type a UNC path.    runas...explorer was my workaround. Currently it works in that it is opening an explorer window, however upon going to the address bar and typing in my desired UNC path I'm still getting a credentials error.
0
 
Brian PiercePhotographerCommented:
Why?
What's wrong with using windows security as it was meant to be used.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
jpfultonAuthor Commented:
Nothing's wrong with that. What do you mean specifically? Like use a mapped drive?
0
 
NVITCommented:
...it was working for a few minutes
What do you mean?
0
 
jpfultonAuthor Commented:
I mean I setup a batch file to run that command and tried it. I tried the batch file again a few minutes later and it worked again then a few minutes executed the batch file and again it worked. Now I try it (30 minutes later) and although it opens the explorer window, I'm denied access to the network share.
0
 
jpfultonAuthor Commented:
Here's my unfortunate reality: If I'm not in the office sometimes the boss will have someone else go on my computer. It is terrible, stupid, bad security and pisses me off but it's my reality. I need to be able to access protected shares across the network but I want to be prompted every time I need to. I want to make sure that  someone else using my computer doesn't automatically get them access to all network shares.
0
 
NVITCommented:
You mean they use your user name and logon?
0
 
Brian PiercePhotographerCommented:
Windows is designed to use single sign-on authentication. They have a single username and password.
A user is authenticated by windows and then you control which resources (files and folders), they have access to by applying the appropriate security permissions.
0
 
jpfultonAuthor Commented:
Unfortunately, yes. The main goal is to access my email/sent email. Obviously this could be accomplished via webmail and IMAP but that's just not our setup.

EDIT: Some patience from the boss would go a long way too but alas, it is his signature on the paycheck.
0
 
Brian PiercePhotographerCommented:
You need a fundamental review of your security. Its a disaster waiting to happen.
0
 
VB ITSSpecialist ConsultantCommented:
Do these people have your credentials, i.e. do they know your username and password?

If so you can try the below:

Create a batch file on your desktop to delete your network drive mappings and run it each time you leave the office. Command to use would look like this: net use N: /delete /y
Remove your account from the NTFS permissions on the network shares
Grant another account (such as a separate domain admin account or secondary user account) full access to these shares
Create another batch file to remap the network drives but have it prompt for credentials (sample code below)
@echo off
set /p userid=Enter username: 
set /p userpw=Enter password: 

net use N: \\server\share /user:%userid% %userpw%

pause

Open in new window

Since you've removed access to these shares from your own account, anybody who tries to map these drives using your credentials will just get an Access is denied error.

Whereas if you use the credentials for a separate account which has full access to the network shares, you'll be able to map the drives without issues.

The above batch file doesn't store username or passwords either so you could skip bullet points 2 and 3 if other staff don't have your password.
0
 
NVITCommented:
jpfulton,

I tested cmdkey. I think it does what you want. Imaging yourself as User1.

Open a CMD prompt as current logged on user (you)

cmdkey /add:Server\c$\RestrictedFolder /user:Server\User1 /pass:password
CMDKEY: Credential added successfully.

Open windows explorer at \\Server\c$\RestrictedFolder
It works

Just to confirm, logoff then logon

Open windows explorer at \\Server\c$\RestrictedFolder
It works

cmdkey /list

Currently stored credentials:

    Target: Domain:target=Server
    Type: Domain Password
    User: Server\User1

cmdkey /del:Domain:target=Server

Logoff
At this point, the other person logs on as user1 with same password

Open windows explorer at \\Server\c$\RestrictedFolder
As expected, Windows security dialog asks for creds

Note: Each time you /add or /delete a target, you have to log off then logon to see the effect.

Of course, the next time YOU open the path with Windows Explorer, you'll get the creds dialog and you have to enter that in. At that time, pick the Remember checkbox.
0
 
NVITCommented:
Of course, the next time YOU open the path with Windows Explorer, you'll get the creds dialog and you have to enter that in. At that time, pick the Remember checkbox.

And, before you leave the station for the next user, don't forget to:
1. Open cmd prompt
2. cmdkey /del:Domain:target=Server
Otherwise, the other user will be able to see that folder.
3. Logoff

You can automate that via a .bat file that you can click:

cmdkey /del:Domain:target=Server
shutdown /f /l

Open in new window

0
 
Brian PiercePhotographerCommented:
Authentication via Kerosene @v_2abhis2 ! - sounds explosive!
0
 
NVITCommented:
Edit:

jpfulton,

You can automate the connect and disconnect parts.

Make a ConnShare.bat file somewhere. Run it from the %AppData%\Microsoft\Windows\Start Menu\Programs\Startup folder or Logon gpo:
cmdkey /add:Server\c$\RestrictedFolder /user:Server\User1 /pass:password

Open in new window


At this point, you can Windows Explore the restricted share.

When you leave (disconnect), do the steps in my last post. For total hands-off, you can have it run via the Logoff gpo. It's important that you logoff.
0
 
jpfultonAuthor Commented:
Thanks guys. I best solution goes to  VB ITS but points also to NewVillageIT.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 6
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now