You need to look under the user-account settings for stored passwords. And
yes this is a dreadful arrangement. As a maintainer it's all too easy to
forget that the passwords to any shares you make, even temporary ones, are
saved in the users' profile, sometimes without your even knowing it.. These
days it's an even bigger security risk than just exposing the shares to
abuse, as there are now utilities around to extract these saved passwords, so
an accidentally-saved engineer's password could in principle be extracted and
used elsewhere on the netweork.
If you're in a domain you can use a policy to prohibit password-saving. If
not, a
NET USE /PERSISTENT:NO
command executed at each startup will make sure that shares don't survive
reboots. Which is probably the best answer as it stops the passwords being
remembered.
This can be expanded-on by using a batch-file to connect your shares:
NET USE H: \\SERVER\SHARE
will connect the share to drive h: when run. If the user isn't authenticated
they will be asked for a password. For several shares on the same server, the
password need only be entered once. (This doesn't nean it's stored, though
-after logoff it has to be re-entered)
This approach has numerous advantages, not least of which is elimination of
ad-hoc shares appearing all over the place, every computer having different
ones!
I always prefer to setup networks - even fairly small ones without a
dokmain-controller - with a logon-script. It soon becomes apparent how much
easier to manage this is.
Hope this helps, Ian.
