Nasty Security Issue

Yesterday a colleague asked me to help with a security issue he was having.  He is someone who I consider to be a good developer; but does not have a good understanding of Windows security beyond the basics…Right click on folder -> Properties -> Security.

The problem manifested as this developer (only) loosing access  to a NAS share – “it used to work”.

First I confirmed that he was in the correct Active Directory (AD) groups and those groups had sufficient permissions to the folders in question.  Check.  Conclusion – it should work.

Then I had the developer write a quick web application to make sure he was passing his full credential to web server.  Check.  Conclusion – not something that is globally impacting authentication/authorization.  Seems to be something in the “conversation” between this workstation and the file server.

Hmmm.  Next thing was to try this from another workstation.  He remoted into a old Windows XP workstation.  It worked!!  Conclusion – something going on with his workstation.

Now I know that on my laptop, when I log into Windows but I am not connected to the network – I am using a cached credential on my workstation.  I also know that part of that credential is the groups that I am a member of.  So it seems that what this particular workstation is passing to the file server does not have the right groups since the server is denying the request.  Seems like there is something dirty/broken in the cache.

I typed “windows delete cached credential” into my favorite search engine and got this post.  We followed the steps that Ashok spells out…

  1. From Control Panel\All Control Panel Items\User Accounts click the username To the left you will see Manage your credentials.  From that select the share name and remove.
  2. Delete using net use Start > Run > cmd > net use * /DELETE

…and shazam…it worked.

There is a first for everything – this was definitely a first.

Now onto a nasty SharePoint issue that I have been putting off.   Hey at least I may end up with another blog post.