How can I prevent Windows 2008R2 "Connect using different credentials" share access

KLMNADM

Apr 22, 2014
I need to prevent users logged on to a domain with one account from accessing a file share on another server with alternate credentials. The goal is to make sure that data from one project is not co-mingled with data from another project. The users have multiple accounts that are set up to access only the shares that these accounts have permissions on.

If John has two accounts (John_A and John_B), I don't want the John_A account to be able to use "Connect using different credentials" (John_B in this case) to access a share on a different server that only the John_B account should have access to.

I have searched quite a bit but can't find anything but ways to enable "Connect using different credentials."

Thanks for any help on this topic.
 

mbreslin1954

You can't do what you want. The only way is to give users only one account, then control their access to various resources (such as file shares) with their account. You grant access to certain resources and deny them access to other resources, based on their accounts. The whole security paradigm is set up that way. Why would you control access to files by giving users multiple accounts?
 

KLMNADM

It is difficult to explain, but each share represents a project that contains data that cannot be, for legal reasons, co-mingled with data from one of the other shares. However, a single user may have access to two or more of those projects, therefore needing a different logon for each of those shares.
 

mbreslin1954

So you keep the data separate, don't mingle them. Each share is different, separate. But if one person has access to both sets of separate data, then you give that person's userid privileges to both sets of separate data. How is that different from giving the same person two different userids? Am I missing something?

This makes no sense at all. You give him access to both sets of data through two different userids, but then you don't want him accessing both sets of data? You are being contradictory.

Or is the issue that you want to force him to log off of one userid and log on with another before he can access the second set of data? Why does that make a difference?
 


If the users are prompted for access, they will just need to stop right there and not access the files. Not that hard to train them. If you can't get to the files normally under the account you are on, don't try to get to them.