SOLVED One Machine Can Access All CIFS Shares Without Login

[xRazoo]

My FreeNAS box is currently setup with 3 CIFS Shares each with their own paths that go to their own ZFS Dataset. Each Dataset has a different set of permissions giving access to Owner (User): Root and Owner (Group): Group Authorized for that Dataset.

There are multiple machines (Windows 7) and users on my network and each user has a User account for the FreeNAS that is tied to one of the three groups with permissions for the three datasets. Either you are group #1 that can only access the #1 Share, Group #2 can access Shares #2 and #1, and Group #3 can access Share #3, #2, and #1. When going to a share on a machine a user is prompted to login with their FreeNAS user account.

The problem is one machine stopped being prompted for a login. Upon startup it can access any CIFS share it pleases while all the other machines upon Log Off or Shut Down must re-login. Any idea why this has started happening or how I can fix it?



Side Question: Is there any way to prompt for a login to a CIFS Share after so many minutes of non-use? Say after 15 minutes of not moving a file to or from the FreeNAS box to require a re-login so a Log Off or Shut Down of the machine is not needed for different users to use different machines.

Thanks for any input on this issue.

 

[Mlovelace]

Are the FN login credentials cached on the Windows box (network passwords) that doesn't prompt after start-up?

 

[xRazoo]

They very well might be. What is the best way to check and if the case, make it so it doesn't cache it again?

 

[Mlovelace]

They very well might be. What is the best way to check and if the case, make it so it doesn't cache it again?

You can remove the cached credentials from:

Control Panel\All Control Panel Items\User Accounts

click the username

1. To the left you will see Manage your credentials. From that select the share name and remove
   
   Once the above is done, delete using net use
2. Start > Run > cmd > net use * /DELETE

 

[Ericloewe]

They very well might be. What is the best way to check and if the case, make it so it doesn't cache it again?

Search for "Credential Manager" in Windows. Next time, don't have it save the password.

Note that Windows automatically tries the current user credentials when logging on to a server, but I believe this can be controlled in the credential manager as well.

 

[xRazoo]

I went into Credential Manager and removed the FreeNAS login... Can't believe it was something so simple. Is there anyway to remove the option to remember credentials?

 

[cyberjock]

No, but you can choose not to check the box to save them. ;)

 

[rogerh]

The XP system was safer: offer a dialogue box for share login credentials, and then totally fail to use the information supplied. The only place you could enter them was hidden under a rock somewhere. At least they didn't get remembered unintentionally.

 

[gpsguy]

Enabling "Network access: Do not allow storage of credentials or .NET Passports for network authentication" should disable the ability to save the credentials.

The option is located here: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

Create a group policy to enable it. You'd probably have to delete any that were saved, before you implemented a group policy.

Is there anyway to remove the option to remember credentials?

 

[Mlovelace]

Just follow the technet instructions. It's a local security policy so if you're in an AD domain you can set a GPO or edit the local machine if your on a workgroup.
http://technet.microsoft.com/en-us/library/jj852185(v=ws.10).aspx

 

[xRazoo]

Thanks for the info and links. That is all taken care of now.

So final question, is there anyway to do a time-out for the CIFS shares?