Server Solver

Repetitive Log-In Syndrome

Windows' Stored User Names and Passwords feature can help this admin from developing a common, on-the-job stress.

• By Zubair Alexander
• 01/23/2006

Zubair: I'm a network administrator at a small company. For several reasons, I need to run Windows Server 2003 as my desktop operating system running in a Workgroup environment. Is there an easier way to supply multiple usernames and passwords when connecting to different computers without logging off and on? I want to be able to connect to our Exchange Server using Outlook, but my computer is not part of our domain and I have to provide credentials each time I logon. I also want to connect to multiple resources (file shares, printers, Web sites) without entering my credentials multiple times or purchasing additional software. What do I need to do? Use RunAs? Run some scripts?
— Matt

Tech Help—Just An E-Mail Away Got a Windows, Exchange or virtualization question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to the MCPmag.com editors at mailto:[email protected]; the best questions get answered in this column and garner the questioner with a nifty MCPmag.com baseball-style cap. When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message, but submit the requested information for verification purposes.)

Matt, the easiest thing for you will be to use one of the built-in features of Windows Server 2003 called Stored User Names and Passwords. This function is also available in Windows XP Professional. Stored User Names and Passwords will give you the ability to use the single sign-on feature to connect to resources that you've mentioned. You can store all the user names and passwords that you use to connect to other computers in a single location within your profile. For example, you can specify a user account and password associated with your Exchange server in Domain A to access your e-mail and use a different account and password in Domain B to access a shared folder, even if there’s no trust relationship between Domain A and Domain B.

Stored User Names and Passwords is useful in other situations as well. For example, if you connect to several Web sites with different user names and passwords, you can store them in a list with Stored User Names and Passwords. If a network administrator logs on to the network using a non-administrative account, that person can connect to a network server remotely with administrative rights by using the proper credentials saved in Stored User Names and Passwords.

When you log on to your Windows Server 2003 (or Windows XP for that matter), your user name and password becomes the default security context for accessing resources on other computers on the network and on the Internet. If you log on locally to your computer in a workgroup environment, obviously you are not able to connect to domain resources on the network because of your credentials. This is where Stored User Names and Passwords can come handy. You can save various credentials to connect to network resources in a list with Stored User Names and Passwords. The items in the list can be easily modified or deleted at any time.

Let’s say you're trying to connect to a domain server while you're logged on locally to your Windows Server 2003 or Windows XP computer. Windows will first attempt to use the default security context that you use to log on. Because those credentials are not sufficient to give you proper access, the Stored User Names and Passwords will go through the list of user names and passwords until you are able to successfully connect. If none of the entries in the list is applicable, you will not be able to connect to the resource. In that case, you may be prompted to provide a user name and password.

I should point out that the Stored User Names and Passwords are kept within your profile in a secure area so other users cannot access this information. Here’s the procedure for using Stored User Names and Passwords.

If you're in a situation where you have not finished the upgrade, you can remove the Windows 2000 Administration Tools and then continue on with the upgrade to Windows Server 2003. What you have to watch out for is to make sure that you do not remove Windows 2000 Administration Tools from Add or Remove Programs in Control Panel if that feature is installed at the time when you upgrade your server to Windows Server 2003. If you remove the Windows 2000 Administration Tools from Add or Remove Programs, you will most likely get an error. Simply install the Windows Server 2003 Administration Tools package. It will overwrite the existing Windows 2000 Administration Tools and you should be able to use the Default Domain Controller Security Policy icon as well as the Domain Security Policy icon.

1. Logon to your Windows Server 2003 as an administrator.
2. Click Start, Control Panel, Stored User Names and Passwords, then click Add.
3. In the Logon Information Properties dialog box type a name for the server, workgroup, or a network location in the Server box.
4. Enter the user name and password associated with that server (see Figure 1).

The above instructions apply to a Windows Server 2003 computer. On Windows XP Professional the location of Stored User Names and Passwords is different if you are in a Workgroup environment using Fast User Switching. You can access the Stored User Names and Passwords by going to Control Panel, User Accounts. Click on your user account and then select Manage my network passwords under Related Tasks (see Figure 2).

Figure 1. Open up Stored User Names and Passwords in this dialog.

Figure 2. When your password expires, be sure to update Stored User Names and Passwords.

Tip: If you want quick access to Stored User Names and Passwords, simply use the following command at Start, Run:

rundll32.exe keymgr.dll,KRShowKeyMgr

You can also create a shortcut on the desktop that includes the following line as the target.

There are several freeware and shareware tools that offer somewhat similar capabilities with varied levels of security. You mentioned that you weren't interested in purchasing additional software. I would encourage you to check out at least one free utility, called Password Minder, from Keith Brown, which is available on Microsoft’s Web site. If you are interested in more technical details on how Password Minder implements its cryptographic functionality and some additional features, then read Keith’s follow-up column on the MSDN site at http://msdn.microsoft.com/msdnmag/issues/04/10/SecurityBriefs/ .

One final note: When your password expires on the domain or other locations, make sure you update it in Stored User Names and Passwords.