Windows XP Saves Passwords!

[crazychicken]

I have a Maxtor Central Axis NAS. I tried setting up user accounts and password protecting a shared folder (setup through the central axis management software). It worked perfectly. It wouldn't let the users that didn't have access login to that folder, and it did let the user that I gave access.

However, once a user with access has logged in, then anytime you try to go to the folder it lets you in without authentication! I'm assuming Windows has saved the password or something? Is there anyway to turn that "feature" off so you have to type the password every time?


Thanks!
Dave

 

[mechBgon]

Try this and see if it works:

1) log on with an Administrator-level account

2) run secpol.msc from the Start > Run box. The Local Security Policy window opens.

3) in Local Security Policy, try the option highlighted in this pic :camera:. A reboot will be necessary to put it into effect.


Any good?

 

[crazychicken]

hm
Windows cannot find secpol.msc

I'm running XP Home... I bet that's an XP Pro only thing, right? If so, is there anyway to do something equivalent on XP Home?

Dave

 

[GaryJohnson]

So are you saying it lets the user without access into the share when the user with access is still logged in? Can the user with access not make sure to log out before the user without access logs in?

 

[crazychicken]

Are you talking about logging in/out of windows? I am saying under a random windows account (call it User1), I login to the network shared folder with credientials David:avid. Then I close the folder. Then I open the folder again. I'd like it to request the password again, but instead it simply opens the folder as if there were no password.

Know what I mean?

Dave

 

[Nothinman]

You probably have to disconnect the share completely with net use, I don't believe you can do it from the GUI.

 

[yinan]

Its working as intended. Windows doesnt save the password itself persay, but it gets a ticket that is authorized to use the device and it retains that. I do not think there is a way to make it prompt for a password every time you connect.

 

[bsobel]

Originally posted by: crazychicken
hm
Windows cannot find secpol.msc

I'm running XP Home... I bet that's an XP Pro only thing, right? If so, is there anyway to do something equivalent on XP Home?

Dave

Home doesnt support cached credentials, so this should last until the next reboot.
Bill

 

[crazychicken]

Has anyone done this personally with XP Pro to tell me how it behaves? I can't recommend to the company to buy a few XP Pro's unless I'm sure it works like that!

 

[bsobel]

Originally posted by: crazychicken
Has anyone done this personally with XP Pro to tell me how it behaves? I can't recommend to the company to buy a few XP Pro's unless I'm sure it works like that!

XP has cached credentials, meaning it can save this across reboots as well.

 

[crazychicken]

But I DONT want to save it, I want to have to enter the password anytime the folder is opened.

 

[bsobel]

Originally posted by: crazychicken
But I DONT want to save it, I want to have to enter the password anytime the folder is opened.

Thats now how Windows and most real network clients work. Why such a non-standard requirement?

 

[crazychicken]

I mean it just seems completely worthless to setup all these "secure" folders and then once you've logged into them once anyone who sits at that computer can access them. Doesn't sound very secure to me...

 

[bsobel]

Originally posted by: crazychicken
I mean it just seems completely worthless to setup all these "secure" folders and then once you've logged into them once anyone who sits at that computer can access them. Doesn't sound very secure to me...

The user machines should be secured as well. In your scenario, what dictates the 'end' of the session, the user closing the explorer window? There isnt something in the protocol tied to that being a 'logoff'.... And you certainly dont want to authenticate on each transaction (each find first, find next, open, etc)...

 

[crazychicken]

so you're saying if I log out of windows and login as a different user then I will be asked for the password again? So if the password has never been entered under a particular user account then they will not have access to those folders?

 

[bsobel]

Originally posted by: crazychicken
so you're saying if I log out of windows and login as a different user then I will be asked for the password again? So if the password has never been entered under a particular user account then they will not have access to those folders?

Oh yes, of course. Sorry, I *completely* missed that was the concern. That 'ticket' as you will is for the current user not all users on the box. You can fast user switch between two users, one with access will not give the other user access....