disable passing local credentials to SMB servers
Last response: in Windows XP
Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)
I am having an issue, but then again, aren't we all?
QUESTION 1:
Our environment is a large organization in a workgroup setting (no
domain/AD).
All computers are running Windows XP Pro (SP2)
We have a generic local user account setup for each conference room
computer in our organization, let's say...
username: confroom
password: confroom
This enables any user to login and get basic access to a computer. i.e.
web browsing/email.
The confroom account also, is a valid account for email and file services.
We are using UNC paths to access network shares. Apparently mapping a
drive using different user credentials is too complicated for our users.
When users try to access an SMB network share, the local user info is
passed to, and accepted by the remote server.
The problem is that this generic user has no rights to any network shares.
I want to prevent this auto-login process from happening.
I would like the user to be presented with a login box.
EXAMPLE:
1. Dilbert walks into a conference room and wants to use computer.
2. Dilbert logins locally to computer using confroom account
3. Dilbert attempts to use start-Run to access \\server1\share
4. Dilbert hits enter and computer uses confroom account to authenticate
5. Dilbert gets back error message that, "\\server1\share is not
accessible...Network access is denied."
I just love Dilbert
EXTRA CREDIT QUESTION 2:
When a user connects to a server via UNC paths from the run line, is
there any way to disconnect/logout from the server without restarting or
logging off the machine?
I am having an issue, but then again, aren't we all?
QUESTION 1:
Our environment is a large organization in a workgroup setting (no
domain/AD).
All computers are running Windows XP Pro (SP2)
We have a generic local user account setup for each conference room
computer in our organization, let's say...
username: confroom
password: confroom
This enables any user to login and get basic access to a computer. i.e.
web browsing/email.
The confroom account also, is a valid account for email and file services.
We are using UNC paths to access network shares. Apparently mapping a
drive using different user credentials is too complicated for our users.
When users try to access an SMB network share, the local user info is
passed to, and accepted by the remote server.
The problem is that this generic user has no rights to any network shares.
I want to prevent this auto-login process from happening.
I would like the user to be presented with a login box.
EXAMPLE:
1. Dilbert walks into a conference room and wants to use computer.
2. Dilbert logins locally to computer using confroom account
3. Dilbert attempts to use start-Run to access \\server1\share
4. Dilbert hits enter and computer uses confroom account to authenticate
5. Dilbert gets back error message that, "\\server1\share is not
accessible...Network access is denied."
I just love Dilbert
EXTRA CREDIT QUESTION 2:
When a user connects to a server via UNC paths from the run line, is
there any way to disconnect/logout from the server without restarting or
logging off the machine?
More about : disable passing local credentials smb servers
Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)
On the sharing computer:
Go to control pannel
Click users
Add the user name(s) that you want to DENY access. Make sure to give them
"Guest" privledges AND disable the account.
Close the control pannel and the user manager.
On the share:
Go into the security settings of the share by right-clicking on it and
selecting "sharing an security" (from the computer you are sharing the
file.)
on the sharing tab click "permissions"
Add the username you want to disable
Select the "Deny" checkboxes for that user. (Make sure you select only the
user you wish to deny, and not "everyone")
Click "OK" repeatedly to exit.
This should deny only that username.
-David Rios
"PJ" <pjleflar@yahoonoreply.com> wrote in message
news:42B09118.7080104@yahoonoreply.com...
>I am having an issue, but then again, aren't we all?
>
>
> QUESTION 1:
> Our environment is a large organization in a workgroup setting (no
> domain/AD).
>
> All computers are running Windows XP Pro (SP2)
>
> We have a generic local user account setup for each conference room
> computer in our organization, let's say...
>
> username: confroom
> password: confroom
>
> This enables any user to login and get basic access to a computer. i.e.
> web browsing/email.
>
> The confroom account also, is a valid account for email and file services.
>
> We are using UNC paths to access network shares. Apparently mapping a
> drive using different user credentials is too complicated for our users.
>
> When users try to access an SMB network share, the local user info is
> passed to, and accepted by the remote server.
>
> The problem is that this generic user has no rights to any network shares.
>
> I want to prevent this auto-login process from happening.
>
> I would like the user to be presented with a login box.
>
> EXAMPLE:
>
> 1. Dilbert walks into a conference room and wants to use computer.
> 2. Dilbert logins locally to computer using confroom account
> 3. Dilbert attempts to use start-Run to access \\server1\share
> 4. Dilbert hits enter and computer uses confroom account to authenticate
> 5. Dilbert gets back error message that, "\\server1\share is not
> accessible...Network access is denied."
>
> I just love Dilbert
>
>
> EXTRA CREDIT QUESTION 2:
> When a user connects to a server via UNC paths from the run line, is there
> any way to disconnect/logout from the server without restarting or logging
> off the machine?
On the sharing computer:
Go to control pannel
Click users
Add the user name(s) that you want to DENY access. Make sure to give them
"Guest" privledges AND disable the account.
Close the control pannel and the user manager.
On the share:
Go into the security settings of the share by right-clicking on it and
selecting "sharing an security" (from the computer you are sharing the
file.)
on the sharing tab click "permissions"
Add the username you want to disable
Select the "Deny" checkboxes for that user. (Make sure you select only the
user you wish to deny, and not "everyone")
Click "OK" repeatedly to exit.
This should deny only that username.
-David Rios
"PJ" <pjleflar@yahoonoreply.com> wrote in message
news:42B09118.7080104@yahoonoreply.com...
>I am having an issue, but then again, aren't we all?
>
>
> QUESTION 1:
> Our environment is a large organization in a workgroup setting (no
> domain/AD).
>
> All computers are running Windows XP Pro (SP2)
>
> We have a generic local user account setup for each conference room
> computer in our organization, let's say...
>
> username: confroom
> password: confroom
>
> This enables any user to login and get basic access to a computer. i.e.
> web browsing/email.
>
> The confroom account also, is a valid account for email and file services.
>
> We are using UNC paths to access network shares. Apparently mapping a
> drive using different user credentials is too complicated for our users.
>
> When users try to access an SMB network share, the local user info is
> passed to, and accepted by the remote server.
>
> The problem is that this generic user has no rights to any network shares.
>
> I want to prevent this auto-login process from happening.
>
> I would like the user to be presented with a login box.
>
> EXAMPLE:
>
> 1. Dilbert walks into a conference room and wants to use computer.
> 2. Dilbert logins locally to computer using confroom account
> 3. Dilbert attempts to use start-Run to access \\server1\share
> 4. Dilbert hits enter and computer uses confroom account to authenticate
> 5. Dilbert gets back error message that, "\\server1\share is not
> accessible...Network access is denied."
>
> I just love Dilbert
>
>
> EXTRA CREDIT QUESTION 2:
> When a user connects to a server via UNC paths from the run line, is there
> any way to disconnect/logout from the server without restarting or logging
> off the machine?
Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)
Thanks for the suggestion, but I am already getting an access denied
situation.
I need a login box to allow me to login with different username and
password.
Also, while we are connecting to an SMB server it is a Mac OSX Server.
I need a client only solution, i.e. no server changes are allowed.
I just dont want the machine to pass the local username and password
when attempting to connect to \\server1\share.
We have tried setting the following local security policy to disabled:
1. Network Access: Do not allow storage of credentials or .NET passports
for network authentication.
2. Microsoft Network Client: Send unencrypted password to third-party
SMB servers.
David Rios wrote:
> On the sharing computer:
>
> Go to control pannel
>
> Click users
>
> Add the user name(s) that you want to DENY access. Make sure to give them
> "Guest" privledges AND disable the account.
>
> Close the control pannel and the user manager.
>
> On the share:
> Go into the security settings of the share by right-clicking on it and
> selecting "sharing an security" (from the computer you are sharing the
> file.)
>
> on the sharing tab click "permissions"
>
> Add the username you want to disable
>
> Select the "Deny" checkboxes for that user. (Make sure you select only the
> user you wish to deny, and not "everyone")
>
> Click "OK" repeatedly to exit.
>
> This should deny only that username.
>
> -David Rios
>
> "PJ" <pjleflar@yahoonoreply.com> wrote in message
> news:42B09118.7080104@yahoonoreply.com...
>
>>I am having an issue, but then again, aren't we all?
>>
>>
>>QUESTION 1:
>>Our environment is a large organization in a workgroup setting (no
>>domain/AD).
>>
>>All computers are running Windows XP Pro (SP2)
>>
>>We have a generic local user account setup for each conference room
>>computer in our organization, let's say...
>>
>>username: confroom
>>password: confroom
>>
>>This enables any user to login and get basic access to a computer. i.e.
>>web browsing/email.
>>
>>The confroom account also, is a valid account for email and file services.
>>
>>We are using UNC paths to access network shares. Apparently mapping a
>>drive using different user credentials is too complicated for our users.
>>
>>When users try to access an SMB network share, the local user info is
>>passed to, and accepted by the remote server.
>>
>>The problem is that this generic user has no rights to any network shares.
>>
>>I want to prevent this auto-login process from happening.
>>
>>I would like the user to be presented with a login box.
>>
>>EXAMPLE:
>>
>>1. Dilbert walks into a conference room and wants to use computer.
>>2. Dilbert logins locally to computer using confroom account
>>3. Dilbert attempts to use start-Run to access \\server1\share
>>4. Dilbert hits enter and computer uses confroom account to authenticate
>>5. Dilbert gets back error message that, "\\server1\share is not
>>accessible...Network access is denied."
>>
>>I just love Dilbert
>>
>>
>>EXTRA CREDIT QUESTION 2:
>>When a user connects to a server via UNC paths from the run line, is there
>>any way to disconnect/logout from the server without restarting or logging
>>off the machine?
>
>
>
Thanks for the suggestion, but I am already getting an access denied
situation.
I need a login box to allow me to login with different username and
password.
Also, while we are connecting to an SMB server it is a Mac OSX Server.
I need a client only solution, i.e. no server changes are allowed.
I just dont want the machine to pass the local username and password
when attempting to connect to \\server1\share.
We have tried setting the following local security policy to disabled:
1. Network Access: Do not allow storage of credentials or .NET passports
for network authentication.
2. Microsoft Network Client: Send unencrypted password to third-party
SMB servers.
David Rios wrote:
> On the sharing computer:
>
> Go to control pannel
>
> Click users
>
> Add the user name(s) that you want to DENY access. Make sure to give them
> "Guest" privledges AND disable the account.
>
> Close the control pannel and the user manager.
>
> On the share:
> Go into the security settings of the share by right-clicking on it and
> selecting "sharing an security" (from the computer you are sharing the
> file.)
>
> on the sharing tab click "permissions"
>
> Add the username you want to disable
>
> Select the "Deny" checkboxes for that user. (Make sure you select only the
> user you wish to deny, and not "everyone")
>
> Click "OK" repeatedly to exit.
>
> This should deny only that username.
>
> -David Rios
>
> "PJ" <pjleflar@yahoonoreply.com> wrote in message
> news:42B09118.7080104@yahoonoreply.com...
>
>>I am having an issue, but then again, aren't we all?
>>
>>
>>QUESTION 1:
>>Our environment is a large organization in a workgroup setting (no
>>domain/AD).
>>
>>All computers are running Windows XP Pro (SP2)
>>
>>We have a generic local user account setup for each conference room
>>computer in our organization, let's say...
>>
>>username: confroom
>>password: confroom
>>
>>This enables any user to login and get basic access to a computer. i.e.
>>web browsing/email.
>>
>>The confroom account also, is a valid account for email and file services.
>>
>>We are using UNC paths to access network shares. Apparently mapping a
>>drive using different user credentials is too complicated for our users.
>>
>>When users try to access an SMB network share, the local user info is
>>passed to, and accepted by the remote server.
>>
>>The problem is that this generic user has no rights to any network shares.
>>
>>I want to prevent this auto-login process from happening.
>>
>>I would like the user to be presented with a login box.
>>
>>EXAMPLE:
>>
>>1. Dilbert walks into a conference room and wants to use computer.
>>2. Dilbert logins locally to computer using confroom account
>>3. Dilbert attempts to use start-Run to access \\server1\share
>>4. Dilbert hits enter and computer uses confroom account to authenticate
>>5. Dilbert gets back error message that, "\\server1\share is not
>>accessible...Network access is denied."
>>
>>I just love Dilbert
>>
>>
>>EXTRA CREDIT QUESTION 2:
>>When a user connects to a server via UNC paths from the run line, is there
>>any way to disconnect/logout from the server without restarting or logging
>>off the machine?
>
>
>
Related ressources:
- Forum802.1x Credentials and reauthentication
- ForumIPSec to encrypt SMB traffic?
- Forum2003 server in a NT4 Domain.
- ForumWindows 7/ Server 2008 Network Share request for alternate credentials
- ForumUnable to save Exchange credentials as normal user - works as admin
- ForumTurn off SMB Signing?
- ForumXP Pro file sharing ( SMB ) performance problem
- ForumNetwork logon failure unknown user name or bad password
- ForumNew to IT, please help
- ForumCant connect to SMB share with different user names!
- ForumLocal machine - DNS issues?
- ForumHow to pass credentials
- ForumWindows 7 and Samba Issue
- ForumBest wireless router
- ForumWINS problem? Server ? Domain? all the above?
- ForumLocal group policy implementation erratic-why?
- ForumPCMCIA slots need more power??? HELP!
- ForumHow to disable Windows Update Page from automatically open..
- ForumHow to get local news server to carry news groups
- Forumdisplay Names vs local IP address?
- More resources
Read discussions in other Windows XP categories
!
