IT Guy
Clear \\server\c$ network connection on Win 10 computer mapped with domain admin credentials
A domain administrator within my organization has established a connection to our domain controller using the \\server\c$ connection that he has mapped using the domain admin administrator username and password.
How can I clear this connection on the Windows 10 computer so that this C$ server admin share connection will no longer be accessible?
If the \\server\c$ connection is typed within the run dialog box or within Windows Explorer on this Windows 10 computer the connection is automatically established and there is no prompt for typing in the domain administrator username and password.
I have already looked at the Windows credential manager but I don't see this connection listed. I have also typed the net use "\\server\c$" /d /y from an elevated command prompt on this Windows 10 computer and have also gone into Shared Folders\Sessions list within Computer Management on this Server 2016 server and have ended the connection but the user on the Windows 10 computer is still able to reconnect to this network share.
How can this connection be terminated without having to reboot this Windows 10 computer?
Try
http://btburnett.com/2014/05/windows-domain-account-lockout-mystery.html
Download PsExec.exe from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx and copy it to C:\Windows\System32 .
From a command prompt run: psexec -i -s -d cmd.exe
From the new DOS window run: rundll32 keymgr.dll,KRShowKeyMgr
ASKER
Don,
I have followed those instructions and have also looked at the website but these instructions haven't terminated the \\server\c$ connection to the server that is mapped with the domain admin credentials even though when the KeyMgr utility appeared I ended this connection.
Even after doing this we are still able to connect to the server using the \\server\c$ connection on this user's Windows 10 computer.
I need to be able to terminate this \\server\c$ connection without logging off the current user since there are things running on this user's computer that we can't interrupt.
How can this be done?
Is the existence of this issue causing a big problem? Allow the programs on the computer to end normally and restart the computer.
ASKER
I'm trying to find a way of terminating this \\server\c$ connection to the server which is mapped with the domain admin administrator username and password without having to reboot the Windows 10 computer or take any other drastic steps.
I know that there are ways of doing this; I'm just not sure how to do this.
How can this be done?
What happens if you go to Windows Explorer on the Workstation and disconnect the network drive. Right click on it and disconnect it? Then wait for the application to complete.
Try these two commands:
net use \\server\c$ /del
net use \\server\ipc$ /del
ASKER
kevinhsieh,
When I type in these two commands from an elevated command prompt I get messages that say "The network connection could not be found."
Also, this connection doesn't appear within Windows Explorer which is why I can't right click on it and disconnect it.
Is it maybe not connected after all?
It has been some hours since you first posted. Are the local programs complete?
If he is a domain admin on this running PC, or was when the account was logged in, then he has access to the C$ share on the DC anyway and wouldn't need any or be prompted for credentials, so can re-establish the connection simply by looking at it?
ASKER
No, the user on this Windows 10 computer is a regular domain user who under normal circumstances has no access to the server!
The problem is that an admin who knows the domain admin username and password worked on this user's Windows 10 computer and established a connection to the \\server\c$ connection which he authenticated with using the administrator domain admin username and password.
We are now trying to invalidate or disconnect that \\server\c$ connection but so far have been unable to do so.
Currently, we are not able to log the current user off of the Windows 10 computer or restart or shut down his computer.
So how can we disconnect this \\server\c$ connection that has been mapped using the domain admin administrator username and password?
Ctrl Alt Del and LOCK. Lock the computer till morning, and restart it at that time. It needs to be restarted to fix the issue.
ASKER
How can this be done without restarting the computer?
You cannot reliably remove the connection without restarting (or logging off). That is the way Windows server connections work. So wait until you can restart the computer.
Lock it in the meantime.
You can try cycling the server service on the DC.. (I am assuming you want to terminate the connection from the DC side and not from the client side).
You could also turn on the firewall, and use the firewall to block any connections from the Win10 machine.. that will block it completely until you can bounce the Win10 machine.
Coralon
Open credential manager and delete the saved credentials in there (start menu - type "credential manager"). If you find none in there, then simply logoff and logon again and you shouldn't be able to access c$ anymore.
Open Computer Management console, Shared Folders, Sessions. Does this connection show up? If so, you can select the session and select 'Close Session'.
If I understand, you are not trying to clear the connection, only clear the "credentials" so that the connection cannot be re-established, and do so without logging off or rebooting.
I would start by checking and clearing the appropriate tickets from the Kerberos cache
https://blogs.technet.microsoft.com/tspring/2014/06/23/viewing-and-purging-cached-kerberos-tickets/
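The ticket check suggested in the comment above, as an added example that is not part of the original thread. Kerberos tickets are held per logon session, so an elevated prompt running under another account sees its own cache by default; this sketch targets the console user's session by LUID instead. `$Server` and `$User` are placeholders.

```powershell
# Added example. Run from an elevated PowerShell prompt on the workstation.
# Placeholders (assumptions): $Server is the file server name as it appears
# in the ticket, $User is the account logged on at the console.
$Server = 'server'
$User   = 'DOMAIN\user'

# "klist sessions" prints one line per logon session; the LUID is the
# hex value after "0:". Collect the LUIDs that belong to $User.
$luids = klist sessions | ForEach-Object {
    if ($_ -like "*$User*" -and $_ -match '0:(0x[0-9a-fA-F]+)') { $Matches[1] }
}

foreach ($luid in $luids) {
    $tickets = klist -li $luid tickets

    # In klist output the "Client:" line sits directly above "Server:",
    # so one line of leading context shows whose ticket it is.
    $pattern = 'Server:\s+cifs/' + [regex]::Escape($Server)
    $hits = $tickets | Select-String -Pattern $pattern -Context 1,0

    if ($hits) {
        "Logon session ${luid}: cifs ticket(s) for $Server found"
        $hits
        # Purges every ticket in that logon session, not only the cifs one.
        klist -li $luid purge
    } else {
        "Logon session ${luid}: no cifs ticket for $Server"
    }
}
```

Purging tickets only affects new authentications; an SMB session that is already established stays up until it is closed or times out.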
IT Guy- Is this computer still running non-stop applications 10 hours later?
Sounds like you are trying to turn off administrative shares
https://support.microsoft.com/en-us/help/954422/how-to-remove-administrative-shares-in-windows-server-2008
Did the Domain Admin put a script on the server to give themselves access?