avoid storing omv credentials in windows

  • Good morning,
    I have created shared folders on my omv.
    When the windows user logs in to the omv network resource, he is first asked to enter his omv user credentials.
    Depending on the privileges of the omv user, it can only access certain shared folders.
    But there is a problem: when entering the credentials, if the user ticks "remember password", even the user who subsequently accesses windows will have access to folders which he should not have access to. Is there any way to avoid storing omv credentials in windows?

    • Official Post

    I would assume that Windows store the credentials as part of the user settings and that it is unique for each Windows user.


    Did you logout in Windows and then login to Windows as a different user?


    In that case Windows is broken...

    Be smart - be lazy. Clone your rootfs.
    OMV 5: 9 x Odroid HC2 + 1 x Odroid HC1 + 1 x Raspberry Pi 4

    Edited once, last by Adoby ().

  • I would assume that Windows store the credentials as part of the browser cache and that it is unique for each Windows user.


    Did you logout in Windows and then login to Windows as a different user?


    In that case Windows is broken...

    it's not about web credentials. these are windows credentials. That I log in with user x, rather than user y, the credentials remain stored in any case, it is completely normal. my question is: is there a way, by administering omv, not to allow credentials to be stored by windows or other systems?

    • Official Post

    You are correct. I changed web cache into user settings. Should still be unique to the user.


    No. You can't prevent clients from remembering passwords. Unless you change them.


    However there are different security levels.


    Share security requiring a password but not a user.
    User security requiring a user and a password.


    If you use user security, can user Y still access a share remembered by user X?

  • You are correct. I changed web cache into user settings. Should still be unique to the user.


    No. You can't prevent clients from remembering passwords. Unless you change them.


    Do you say that if user X have Windows remember the password and logout, and later user Y login and can access the share using X's password?

    I do a test..

  • @Adoby No, fortunately this does not happen. But multiple people log in with the same windows account. Here is the reason why I ask myself the problem covered by this thread.

  • Good morning,
    I have created shared folders on my omv.
    When the windows user logs in to the omv network resource, he is first asked to enter his omv user credentials.
    Depending on the privileges of the omv user, it can only access certain shared folders.
    But there is a problem: when entering the credentials, if the user ticks "remember password", even the user who subsequently accesses windows will have access to folders which he should not have access to. Is there any way to avoid storing omv credentials in windows?

    this is a windows problem not a OMV


    lots of responses on google, you need to use policies to change behaviour:


    https://www.top-password.com/b…d-credentials-windows-10/



    https://answers.microsoft.com/…4c-4c75-af6f-8b77f83aa649


    https://support.microsoft.com/…-on-a-computer-that-is-no


    https://www.youtube.com/watch?v=DkSidI6hYV8

  • Hi everybody,

    I'm new in this forum


    Found raulfg3 comments helpful and thank him

    Also did some more research on that, sharing below:


    I found this info useful:


    External Content gist.github.com
    Content embedded from external sources will not be displayed without your consent.
    Through the activation of external content, you agree that personal data may be transferred to third party platforms. We have provided more information on this in our privacy policy.


    Code
    @echo off
    cmdkey.exe /list > "%TEMP%\List.txt"
    findstr.exe Target "%TEMP%\List.txt" > "%TEMP%\tokensonly.txt"
    FOR /F "tokens=1,2 delims= " %%G IN (%TEMP%\tokensonly.txt) DO cmdkey.exe /delete:%%H
    del "%TEMP%\List.txt" /s /f /q
    del "%TEMP%\tokensonly.txt" /s /f /q
    echo All done
    pause


    and updated the script with command exit instead of pause at the end.


    Then:


    a. in a folder put the .txt file and via command line make a copy of .txt to .bat file

    b. in the same folder where you put the .bat file create a shortcut pointing to that .bat file

    c. copy this shortcut to the startup folder by running shell:startup after pressing windows key + R


    Even though the profile is of a standard user on windows 10 pro this script can delete the saved credentials via a sign out and in both manually and also caused by a task scheduled such could be a simple logout and log in or a restart


    Hope this helps

  • @Adoby No, fortunately this does not happen. But multiple people log in with the same windows account. Here is the reason why I ask myself the problem covered by this thread.

    I do not think it is a problem of windows, but of the user. having settings per account is totally ok and once you start to use some MS 365 / Microsoft Online stuff it is not easy to not store these things.

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!