So we have a new salesperson. He's going to work out of his home-office in Indiana, but he's down here at our corporate office for a couple of weeks.
I got him a laptop, and got it set up, and decided not to put it on the domain, since he'll be using VPN to get back to our Terminal Server, where he'll access all of his stuff. So he's been down here for about two weeks, and I handed him the laptop a week ago, and have been tweaking stuff as we go, making sure that he has access to the stuff that he needs.
So today I'm fooling with some random small problem, when I go to browse to our network file server. I get in, and accidentally click on the wrong folder. Now what should happen is that he should get a little message that says "You don't have access, blah blah blah". But I don't. Instead, I'm right in. It also occurred to me, right at that second, that I did not authenticate when I hit the file server. To put that in non-tech terms, I accessed our secure file server without it knowing who the hell I was. I clicked through a few more folders, testing folders that were more and more secure, finally checking our super-duper-secure folder. I can get into them all. So, I spent just a couple of seconds completely freaking out.
If this laptop - which is just part of a default workgroup, not on the domain, hence, no permissions on the domain, it doesn't even exist as far as domain security is concerned - can access any folder on our file server... maybe on our network? I remotely log onto our domain controller and start double checking security and share permissions. I start second guessing myself. "Well, I thought that security overrode share settings...".
I spend about 10 minutes in simmering panic mode, trying to figure out how the hell I can access all of this data - it's not supposed to work this way. I'm even trying to figure out the likelihood of having been the victim of a worm or trojan that somehow botches network security.
Finally the brain cells start to really fire, and it occurs to me to check and see what account the domain controller is seeing, that is accessing the data. In other words, what credentials am I using to hit this data?
.......??? I'm not logged into the local machine as administrator.
Then it clicks.
I bet that while setting up this laptop, I hit the network and used the administrator credentials. But why is it caching them? Why am I not having to re-authenticate? I even tried mapping a network drive with the salesperson's credentials, then unmapped it, and tried the data again - still administrator.
So now I'm trying to figure out how to uncache network logon info.
I start digging around on Google. "clear network logon cache", nothing good. "clear share password network", nothing good. I start mixing and matching words, trying to get something. Anything.
rundll32.exe keymgr.dll, KRShowKeyMgr
It brings up a handy little screen that shows the stored logon info for network locations. I dig around a little more and find that on Windows Server 2003, it's an icon in the control panel! Handy!
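
A scripted version of the same check, as an added example that is not part of the original post: it parses the text output of `cmdkey /list` (the command-line counterpart of the key manager screen) and flags stored network credentials that belong to an admin-looking account, so a machine can be checked before it is handed to a user. It assumes a Windows version that ships `cmdkey.exe` with English-language output; the account-name patterns, server names and user names are hypothetical, and the sample output is constructed.

```powershell
# Added example, not from the original post. Assumes English `cmdkey /list` output.
function ConvertFrom-CmdkeyList {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            # A Target line starts a new entry; emit the previous one first
            if ($current) { New-Object psobject -Property $current }
            $current = @{ Target = $Matches[1]; Type = ''; User = '' }
        } elseif ($current -and $line -match '^\s*(Type|User):\s*(.+?)\s*$') {
            $current[$Matches[1]] = $Matches[2]
        }
    }
    if ($current) { New-Object psobject -Property $current }
}

function Find-PrivilegedStoredCredential {
    param([object[]]$Entries,
          [string[]]$Patterns = @('^admin', 'admin$'))  # hypothetical naming conventions
    foreach ($e in $Entries) {
        if (-not $e) { continue }
        # Reduce DOMAIN\user or user@domain to the bare account name
        $account = ($e.User -replace '^.*\\', '') -replace '@.*$', ''
        foreach ($p in $Patterns) {
            if ($account -match $p) { $e; break }
        }
    }
}

# Constructed sample output, used only when cmdkey.exe is not available
$sample = @'
Currently stored credentials:

    Target: Domain:target=FILESRV01
    Type: Domain Password
    User: CORP\Administrator

    Target: Domain:target=TS01
    Type: Domain Password
    User: CORP\jsmith
'@ -split '\r?\n'

$lines = if (Get-Command cmdkey.exe -ErrorAction SilentlyContinue) { cmdkey.exe /list } else { $sample }
$flagged = @(Find-PrivilegedStoredCredential -Entries (ConvertFrom-CmdkeyList $lines))
foreach ($f in $flagged) {
    # cmdkey /delete takes the bare target name, without the "Domain:target=" prefix
    $name = $f.Target -replace '^.*?target=', ''
    Write-Output ("Stored privileged credential: {0} as {1}" -f $f.Target, $f.User)
    Write-Output ("  remove with: cmdkey /delete:{0}" -f $name)
}
if ($flagged.Count -eq 0) { Write-Output 'No stored credentials matched the privileged-account patterns.' }
```

The script only prints the removal command; deleting an entry is left as a deliberate manual step.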