How to disable/set up same-name and same-password authentication between two Windows PCs on the same network?

1

My Experiment

  • I set up a simple network with two computers, both on the same work group.
  • I created a local user 'A' with password 'A' on Computer 1.
  • And then I created an identically named local user 'A' with identical password 'A' on Computer 2.

My Observation

  • What I notice is that when I'm logged in as 'A' on Computer 2, I am allowed network access as 'A' on Computer 1, e.g., when browsing 'A' shared folders.

My Thoughts

  • This is ironic, as even though they are identical in name, they are actually two different local users on two different computers!
  • This to me can be a security hazard. What if coincidentally (or maliciously) a person has the same username and password on Computer 2 and thus is incorrectly given access to Computer 1?

My Question:

  • What is this sharing of username and password called?
  • How do we enable/disable this sharing of identical local usernames and passwords between two computers?

I've also realized that this works during DCOM calls as well.

user1034912

Posted 2013-05-03T02:00:07.563

Reputation: 119

Crossposts: 1. @1:37, 2. @1:37, 3. @2:00, 4. @3:34

– StackzOfZtuff – 2017-04-18T08:44:32.140

Are you sure that the folders are not configured to allow *everyone* access? Try creating a different account on one of the machines, that doesn't exist on the other, and browsing folders with that account. – MDMoore313 – 2013-05-03T02:14:37.103

If I try with a different account it doesn't work. Similarly, if I try with the same UN but a different password, it does not work either – user1034912 – 2013-05-03T02:57:18.227

What you observed is a Windows feature to share network shared folders. Even though the password and username are the same, they are not the same user; the two users are 100% independent. – Ramhound – 2013-05-03T11:17:24.153

Answers

0

So, you're being prompted for credentials, and you have the same user name and password on both workstations?

This isn't a case of Windows allowing another computer to access its own (aka security hole). When you type in the credentials, it's authenticating them against its own local account. So, if you're trying to log in to WorkstationB, for example to view files, and when prompted for credentials you enter:

UserA
*********

And log in, that's okay because Windows sees

WorkstationB\UserA
*********

So, try logging in with

WorkstationA\UserA
*********

and see if you make it in. This tells Windows to authenticate you against WorkstationA's account store instead of its own.

MDMoore313

Posted 2013-05-03T02:00:07.563

Reputation: 4 874
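
The behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of a challenge-response network logon checked against a workstation's own local account store. The `Workstation` class and all helper names are hypothetical, the client sends only the bare account name (the unqualified `UserA` case), and HMAC-SHA-256 stands in for the real NTLM hash and response computation.

```python
import hashlib
import hmac
import os

def stored_hash(password: str) -> bytes:
    # Stand-in for the NT hash: unsalted and derived from the password alone,
    # so the machine name and the account's SID play no part in it.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

class Workstation:
    def __init__(self, name: str):
        self.name = name
        self.accounts = {}  # local account store: user name -> password hash

    def add_user(self, user: str, password: str) -> None:
        self.accounts[user.lower()] = stored_hash(password)

    def verify(self, user: str, challenge: bytes, response: bytes) -> bool:
        # The server consults only its OWN store for the presented name.
        local = self.accounts.get(user.lower())
        if local is None:
            return False
        expected = hmac.new(local, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password: str, challenge: bytes) -> bytes:
    # The client proves knowledge of the password-derived hash; nothing in
    # the response says which machine the account was created on.
    return hmac.new(stored_hash(password), challenge, hashlib.sha256).digest()

def network_logon(server: Workstation, user: str, password: str) -> bool:
    challenge = os.urandom(8)  # fresh server challenge per attempt
    return server.verify(user, challenge, client_response(password, challenge))

def demo() -> dict:
    pc1 = Workstation("COMPUTER1")  # constructed sample machine and account
    pc1.add_user("A", "A")
    # Each attempt comes from a user logged on to Computer 2.
    return {
        "same name, same password": network_logon(pc1, "A", "A"),
        "same name, different password": network_logon(pc1, "A", "B"),
        "name unknown to COMPUTER1": network_logon(pc1, "C", "A"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'access granted' if ok else 'access denied'}")
```

The three cases match what the asker reported: only the identical name and password pair is accepted, because Computer 1 validates the response with the hash in its own store and that hash depends on nothing but the password.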