cached logons
ashwinssource
06-15-2004, 05:56 PM
Hi,
If I open a machine from "My Network Places", it is asking me for the password for the first time since I am using an XP Home machine. After I authenticate with my domain account, I am able to successfully browse that machine and access the files. Now, when I close this window and try to re-connect to that machine, it directly opens the machine with the shared folders. It does not re-ask me for username/password until I reboot the machine.
While the above is all the expected functionality, my question is: where is this login info cached? I want to clear the session totally without shutting down the machine so that if somebody tries to access the network machine, they should not see the previously cached one.
Paul Komski
06-15-2004, 06:46 PM
Try logging off your user connection in Windows and log back on again maybe.
There is a tweak (http://www.winguides.com/registry/display.php/1099/) to enable/disable keeping the remote connection alive.
ashwinssource
06-15-2004, 07:03 PM
I cannot/should not log off. All that I want is for Windows to re-prompt me for the username/password every time I try to browse a network machine (not just the first time).
Variable
06-17-2004, 11:55 AM
OK, I think I can answer your problem. First off, you said you have Windows XP Home; XP Home does not authenticate like XP Pro, it uses the guest account for simple file sharing. SFS (http://www.practicallynetworked.com/sharing/xp/filesharing.htm) Normally when you log onto a XP 2k or XP Pro box and type in your username and password and you join a domain, you are authenticated by a server and after some handshaking are granted an access token. This token allows you to travel the network and access objects in Active Directory. XP Home doesn't do this. If you have an account on the domain and enter the right username and password, you have access to shared objects in Active Directory until you log off... So to answer your question, in order to do what you want you need to log off your machine; XP Home does not authenticate like you're asking it to do.
Your security concern is misplaced. MS made XP Home to be wide open and easy to use for home networks. You're trying to bang a square peg into a round hole. Besides the security problem we are talking about, there are many others that someone could exploit on XP Home. The real issue here is why not upgrade to XP Pro, because it sounds like you are focused on securing your Domain, not just the Home machine. That's what we are talking about here, securing the Domain. Just having an XP Home machine is a big security flaw.
XP Home vs. Pro overview
link (http://techrepublic.com.com/5100-6313-1038781.html)
Variable
pave_spectre
06-17-2004, 01:03 PM
Originally posted by Variable
So to answer your question, in order to do what you want you need to log off your machine; XP Home does not authenticate like you're asking it to do.
XP Pro will do the same thing as Home in this regard and it happens regardless of using a central domain authentication or not. Simple File Sharing is not the issue. Any login information for shared network resources will be cached until the user logs off.
ashwinssource
06-17-2004, 01:11 PM
Sounds good.
1. I want to know which lower-level protocol the file sharing mechanism uses.
2. By knowing the above, I want to programmatically disable the packets of that protocol, and also clear anything that is previously cached.
Variable
06-17-2004, 03:41 PM
Ahh, but Pave, you're forgetting about AD/group policy, and XP Home won't do it..!
When I first read his problem, I thought a group policy could be made to handle this situation easily. Say for instance this one.
Amount of idle time required before disconnecting session. : )
Then you simply adjust the Local policy setting to
Disconnect when idle time exceeds: 10 minutes? or less if ya wanted
One of the best things about the domain environment in general is the fine tuning of security policy. But you have to have the operating system on the workstation to take advantage of its full functionality. In his case, to implement the proper rules governing access to network resources in his domain would require him to have a user account set up with the domain; he would have to authenticate using Kerberos and then the security policy could be placed on his GUID (token). Then if he showed no activity for say 10 minutes he would be logged off, and then the person who came to his machine would have to authenticate to AD again... See??
So his problem is indeed his operating system. All his problems simply stem from XP Home. Remember, he is on a domain already... he wants to set up a policy for a network resource...
Great question though.
If you upgrade to Professional post back. Setting up the policy is trivial.
Variable