Clear \\server\c$ network connection on Win 10 computer mapped with domain admin credentials

A domain administrator within my organization has established a connection to our domain controller using the \\server\c$ connection that he has mapped using the domain admin administrator username and password.

How can I clear this connection on the Windows 10 computer so that this C$ server admin share connection will no longer be accessible?

If the \\server\c$ connection is typed within the run dialog box or within Windows Explorer on this Windows 10 computer the connection is automatically established and there is no prompt for typing in the domain administrator username and password.

I have already looked at the Windows credential manager but I don't see this connection listed. I have also typed the net use "\\server\c$" /d /y from an elevated command prompt on this Windows 10 computer and have also gone into Shared Folders\Sessions list within Computer Management on this Server 2016 server and have ended the connection but the user on the Windows 10 computer is still able to reconnect to this network share.

How can this connection be terminated without having to reboot this Windows 10 computer?
IT GuyNetwork EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
What you see for automatic connection should only occur for the Administrator. Log off this user and sign on as a regular user. Is this connection still there?

Did the Domain Admin put a script on the server to give themselves access?
DonNetwork AdministratorCommented:

Download PsExec.exe from and copy it to C:\Windows\System32 .

From a command prompt run:    psexec -i -s -d cmd.exe

From the new DOS window run:  rundll32 keymgr.dll,KRShowKeyMgr
IT GuyNetwork EngineerAuthor Commented:

I have followed those instructions and have also looked at the website but these instructions haven't terminated the \\server\c$ connection to the server that is mapped with the domain admin credentials even though when the KeyMgr utility appeared I ended this connection.

Even after doing this we are still able to connect to the server using the \\server\c$ connection on this user's Windows 10 computer.

I need to be able to terminate this \\server\c$ connection without logging off the current user since there are things running on this user's computer that we can't interrupt.

How can this be done?
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

JohnBusiness Consultant (Owner)Commented:
Is the existence of this issue causing a big problem? Allow the programs on the computer to end normally and restart the computer.
IT GuyNetwork EngineerAuthor Commented:
I'm trying to find a way of terminating this \\server\c$ connection to the server which is mapped with the domain admin administrator username and password without having to reboot the Windows 10 computer or take any other drastic steps.

I know that there are ways of doing this I'm just not sure how to do this.

How can this be done?
JohnBusiness Consultant (Owner)Commented:
What happens if you go to Windows Explorer on the Workstation and disconnect the network drive. Right click on it and disconnect it? Then wait for the application to complete.
Try these two commands:
net use  \\server\c$ /del
net use \\server\ipc$ /del

Open in new window

IT GuyNetwork EngineerAuthor Commented:

When I type in these two commands from an elevated command prompt I get messages that say "The network connection could not be found."

Also, this connection doesn't appear within Windows Explorer which is why I can't right click on it and disconnect it.
JohnBusiness Consultant (Owner)Commented:
Is it may not connected after all?
JohnBusiness Consultant (Owner)Commented:
It has been some hours since you first posted. Are the local programs complete?
Steve KnightIT ConsultancyCommented:
If he is a domain admin on this running PC, or was when the account was logged in then he has access to the C$ share on the DC anyway and wouldn't need any or be prompted for credentials so can re-establish the connect simply by looking at it?
IT GuyNetwork EngineerAuthor Commented:
No the user on this Windows 10 computer is a regular domain user who under normal circumstances has no access to the server!

The problem is that an admin who knows the domain admin username and password worked on this user's Windows 10 computer and established a connection to the \\server\c$ connection which he authenticated with using the administrator domain admin username and password.

We are now trying to invalidate or disconnect that \\server\c$ connection but so far have been unable to do so.

Currently, we are not able to log the current user off of the Windows 10 computer or restart or shut down his computer.

So how can we disconnect this \\server\c$ connection that has been mapped using the domain admin administrator username and password?
JohnBusiness Consultant (Owner)Commented:
Ctrl Alt Del and LOCK.  Lock the computer till morning, and restart it at that time.  It needs to be restarted to fix the issue.
IT GuyNetwork EngineerAuthor Commented:
How can this be done without restarting the computer?
JohnBusiness Consultant (Owner)Commented:
You cannot reliably remove the connection without restarting (or logging off). That is the way Windows server connections work. So wait until you can restart the computer.

Lock it in the meantime.
You can try cycling the server service on the DC.. (I am assuming you want to terminate the connection from the DC side and not from the client side).

You could also turn on the firewall, and use the firewall to block any connections from the Win10 machine.. that will block it completely until you can bounce the Win10 machine.

Open credential manager and delete the saved credentials in there (start menu - type "credential manager"). If you find none in there, then simply logoff and logon again and you shouldn't be able to access c$ anymore.
Peter HutchisonSenior Network Systems SpecialistCommented:
Open Computer Management console, Shared Folders, Sessions. Does this connection should up? If so, you can  select the session and select 'Close Session'.
If I understand, you are not trying to clear the connection, only clear the "credentials" so that the connection cannot be re-established, and do so without logging off or rebooting.

I would start by checking and clearing the appropriate tickets from the kerberos cache
JohnBusiness Consultant (Owner)Commented:
IT Guy-  Is this computer still running non-stop applications 10 hours later?
DonNetwork AdministratorCommented:
Lately, I came across the solution:
Simply restart the service named "workstation".

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.