1

On my remote machine I have an IIS 7.5 (Windows Server 2008). I set up an ftp site with IIS Manager authentication. I then did Active Directory user isolation and isolated my users to physical folders according to their names. So far, so good. I can access with FTP clients from everywhere with different test accounts that I previously set up in the IIS Manager authentication. Every user connects to its own folder.

When I now tested with windows 7 as a client, I did the following: Explorer -> computer -> right click -> add network address -> the ip of my remote machine -> user1 -> password1

Perfect - it works. I now want to connect with user2. So I deleted this network address and set up a new connection, but with user2 (or even anonymous) instead. Now the strange thing: Windows doesn't even ask me for a password again. It just connects me to the folder of the user1.

I already disabled FTP caching in the IIS and I disabled the user1 account in IIS manager authentication! Still, if I set up a network connection with this windows 7, it connects to the folder user1, no matter which username I use (anonymous, administrator, user2,...).

And if I connect with other ftp clients or other computers, it all works perfectly. So I assume that this one Windows somehow caches the credentials... but then, how can I keep IIS from still accepting these credentials even if I have disabled the user1 account?

Skyhawk
  • 14,149
  • 3
  • 52
  • 95
Martin Booka Weser
  • 111
  • 3

1 Answers1

1

Have you checked the Credential Manager in Windows to see if it is storing something in there?

Start -> Control Panel -> Credential Manager

or if it the Control Panel is in Category View

Start -> Control Panel -> User Accounts and Family Safety -> Credential Manager

I would start there to see if there are any credentials stored that seem to match the credentials it is using.

tfitzgerald
  • 443
  • 3
  • 6