Solved

Have Windows Prompt for Password when Accessing Network Share -- Windows Domain

Posted on 2014-12-11
19
347 Views
Last Modified: 2014-12-12
I want to be able to go to "Run" and type in a UNC path then have it prompt me for credentials (assuming credentials aren't already saved. I know that I can just map and disconnect network drives to accomplish this, but I want this to be able to be a quick operation as needed. I tried a batch file with:
runas /user:USER explorer.exe
which got me to an explorer window where I could type in a UNC path. It was working for a few minutes and now is no longer workiing.
0
Comment
Question by:jpfulton
  • 7
  • 6
  • 4
  • +2
19 Comments
 
LVL 23

Expert Comment

by:NVIT
ID: 40494856
...is no longer workiing.
What's not working... runas...Explorer?
0
 

Author Comment

by:jpfulton
ID: 40494876
What I'd really like is to just pop up the "Run" window and type a UNC path.    runas...explorer was my workaround. Currently it works in that it is opening an explorer window, however upon going to the address bar and typing in my desired UNC path I'm still getting a credentials error.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 40494887
Why?
What's wrong with using windows security as it was meant to be used.
0
 

Author Comment

by:jpfulton
ID: 40494899
Nothing's wrong with that. What do you mean specifically? Like use a mapped drive?
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40494906
...it was working for a few minutes
What do you mean?
0
 

Author Comment

by:jpfulton
ID: 40494918
I mean I setup a batch file to run that command and tried it. I tried the batch file again a few minutes later and it worked again then a few minutes executed the batch file and again it worked. Now I try it (30 minutes later) and although it opens the explorer window, I'm denied access to the network share.
0
 

Author Comment

by:jpfulton
ID: 40494919
Here's my unfortunate reality: If I'm not in the office sometimes the boss will have someone else go on my computer. It is terrible, stupid, bad security and pisses me off but it's my reality. I need to be able to access protected shares across the network but I want to be prompted every time I need to. I want to make sure that  someone else using my computer doesn't automatically get them access to all network shares.
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40494922
You mean they use your user name and logon?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 40494949
Windows is designed to use single sign-on authentication. They have a single username and password.
A user is authenticated by windows and then you control which resources (files and folders), they have access to by applying the appropriate security permissions.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:jpfulton
ID: 40494950
Unfortunately, yes. The main goal is to access my email/sent email. Obviously this could be accomplished via webmail and IMAP but that's just not our setup.

EDIT: Some patience from the boss would go a long way too but alas, it is his signature on the paycheck.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 40495175
You need a fundamental review of your security. Its a disaster waiting to happen.
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40495187
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 300 total points
ID: 40495243
Do these people have your credentials, i.e. do they know your username and password?

If so you can try the below:

Create a batch file on your desktop to delete your network drive mappings and run it each time you leave the office. Command to use would look like this: net use N: /delete /y
Remove your account from the NTFS permissions on the network shares
Grant another account (such as a separate domain admin account or secondary user account) full access to these shares
Create another batch file to remap the network drives but have it prompt for credentials (sample code below)
@echo off
set /p userid=Enter username: 
set /p userpw=Enter password: 

net use N: \\server\share /user:%userid% %userpw%

pause

Open in new window

Since you've removed access to these shares from your own account, anybody who tries to map these drives using your credentials will just get an Access is denied error.

Whereas if you use the credentials for a separate account which has full access to the network shares, you'll be able to map the drives without issues.

The above batch file doesn't store username or passwords either so you could skip bullet points 2 and 3 if other staff don't have your password.
0
 
LVL 23

Assisted Solution

by:NVIT
NVIT earned 200 total points
ID: 40495254
jpfulton,

I tested cmdkey. I think it does what you want. Imaging yourself as User1.

Open a CMD prompt as current logged on user (you)

cmdkey /add:Server\c$\RestrictedFolder /user:Server\User1 /pass:password
CMDKEY: Credential added successfully.

Open windows explorer at \\Server\c$\RestrictedFolder
It works

Just to confirm, logoff then logon

Open windows explorer at \\Server\c$\RestrictedFolder
It works

cmdkey /list

Currently stored credentials:

    Target: Domain:target=Server
    Type: Domain Password
    User: Server\User1

cmdkey /del:Domain:target=Server

Logoff
At this point, the other person logs on as user1 with same password

Open windows explorer at \\Server\c$\RestrictedFolder
As expected, Windows security dialog asks for creds

Note: Each time you /add or /delete a target, you have to log off then logon to see the effect.

Of course, the next time YOU open the path with Windows Explorer, you'll get the creds dialog and you have to enter that in. At that time, pick the Remember checkbox.
0
 
LVL 3

Expert Comment

by:v_2abhis2
ID: 40495281
0
 
LVL 23

Assisted Solution

by:NVIT
NVIT earned 200 total points
ID: 40495290
Of course, the next time YOU open the path with Windows Explorer, you'll get the creds dialog and you have to enter that in. At that time, pick the Remember checkbox.

And, before you leave the station for the next user, don't forget to:
1. Open cmd prompt
2. cmdkey /del:Domain:target=Server
Otherwise, the other user will be able to see that folder.
3. Logoff

You can automate that via a .bat file that you can click:

cmdkey /del:Domain:target=Server
shutdown /f /l

Open in new window

0
 
LVL 70

Expert Comment

by:KCTS
ID: 40495376
Authentication via Kerosene @v_2abhis2 ! - sounds explosive!
0
 
LVL 23

Assisted Solution

by:NVIT
NVIT earned 200 total points
ID: 40495406
Edit:

jpfulton,

You can automate the connect and disconnect parts.

Make a ConnShare.bat file somewhere. Run it from the %AppData%\Microsoft\Windows\Start Menu\Programs\Startup folder or Logon gpo:
cmdkey /add:Server\c$\RestrictedFolder /user:Server\User1 /pass:password

Open in new window


At this point, you can Windows Explore the restricted share.

When you leave (disconnect), do the steps in my last post. For total hands-off, you can have it run via the Logoff gpo. It's important that you logoff.
0
 

Author Closing Comment

by:jpfulton
ID: 40496139
Thanks guys. I best solution goes to  VB ITS but points also to NewVillageIT.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

So many times I have seen the words written in a question "if only I could show you" or " I know how hard it is for you since you can't see it" in any zone. That has inspired me to write about this tool in windows 7 called "Problem Steps Recorder…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now