Microsoft Tech Community
SOLVED

Force password in network drive with GPO

Copper Contributor

Hey guys, I have a GPO that automatically maps network drives. However, I would like to know if it is possible to force the user to enter their password every time they click on the drive?
Is there any policy I can apply to do this?

4 Replies
No, that's not possible. You're already relying on Kerberos/SMB for security - you may harden them if you wish to improve it.
It also depends on your objective - what are you trying to accomplish through this?
This is no longer possible. The GPP for network drive and password has been deprecated and removed. First, it may use NTLM instead of Kerberos; secondly, the password is stored insecurely in the GPP object in SYSVOL. You should avoid such scenarios and bind network drives with GPP natively in user context. This requires that the user (better: a group) has permissions via share permissions + NTFS permissions. Mind that "full" permissions are often not required and write is enough. Full allows changing permissions and ownership, which is quite dangerous.
Well, I provide services for a company that nowadays uses Samba to share files and store users and passwords.
We intend to migrate to Windows Server because of Active Directory. It turns out that the director prefers that his employees always enter a password when accessing network folders. We intend to use a GPO to map the folders and make the work easier because there are 60 computers, hence my question.
best response confirmed by esilva5050 (Copper Contributor)
Solution

Active Directory provides you the ability to centralize authentication and identity management through a set of features including, notably, single sign-on (SSO).
File access management is tied to your account, assuming file servers and workstations are also part of Active Directory. You implement this through the good old AGDLP model or claims/dynamic access.
This is an on-premise model; however, modern file management relies on Microsoft Entra ID, Azure file shares, etc.
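
An added example, not part of any reply in this thread: one way to provision a share along the lines the replies describe, with AGDLP group nesting and the group granted Change at the share level and Modify on NTFS instead of Full. The domain, OU, path, share and group names are hypothetical, and reading "write" as Change/Modify is an assumption.

```powershell
# Run on the file server with the ActiveDirectory (RSAT) module installed.
# All names below are hypothetical placeholders; adjust to your environment.
$Domain      = 'CONTOSO'                          # NetBIOS domain name (assumed)
$GroupOU     = 'OU=Groups,DC=contoso,DC=example'  # OU for the new groups (assumed)
$Folder      = 'D:\Shares\Finance'
$ShareName   = 'Finance'
$GlobalGroup = 'GG_Finance_Staff'    # holds the user accounts
$LocalGroup  = 'DL_Finance_Modify'   # holds the permission on the resource

Import-Module ActiveDirectory

# AGDLP: Accounts -> Global group -> Domain Local group -> Permission
New-ADGroup -Name $GlobalGroup -GroupScope Global      -GroupCategory Security -Path $GroupOU
New-ADGroup -Name $LocalGroup  -GroupScope DomainLocal -GroupCategory Security -Path $GroupOU
Add-ADGroupMember -Identity $LocalGroup -Members $GlobalGroup

New-Item -ItemType Directory -Path $Folder -Force | Out-Null

# NTFS: stop inheriting from the parent and start from an explicit ACL.
$acl = Get-Acl -Path $Folder
$acl.SetAccessRuleProtection($true, $false)   # protect ACL, discard inherited ACEs

$entries = @(
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    # Modify lets users create, change and delete files, but not
    # rewrite the ACL or take ownership (that needs FullControl).
    @{ Id = "$Domain\$LocalGroup";    Rights = 'Modify' }
)
foreach ($e in $entries) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $e.Id, $e.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Folder -AclObject $acl

# Share permission: Change for the group, Full only for administrators.
New-SmbShare -Name $ShareName -Path $Folder `
    -ChangeAccess "$Domain\$LocalGroup" `
    -FullAccess 'BUILTIN\Administrators'

# Review the result: effective access is the more restrictive of share and NTFS.
Get-SmbShareAccess -Name $ShareName
(Get-Acl -Path $Folder).Access | Format-Table IdentityReference, FileSystemRights, IsInherited
```

The GPP drive mapping can then point at the share with the user name and password fields left empty, so the connection is made in the logged-on user's context.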
