Force windows to prompt authentication to shared folder/disable "remember my credentials"

Question

Is there a way to force windows to prompt for credentials to a shared folder? We are in a domain environment with 50+ PCs. What I need is to have a shared folder on our server that has specific user permissions. I need these users to be able to access this folder from any PC in our network, and I DO NOT want windows to cache their credentials after the first logon. I need them to be required to enter their password every time they try to access the folder.

I have looked at options with net use and net view, however there are other shared drives and folders that I do not want affected by this change (they still need to be accessible without credentials and have the drives remembered on the pcs for all users).

I've also looked into options with UAC with no luck. I should also note that due to the field-specific software my client uses we have to disable UAC completely.

Is this something I might be able to accomplish with roaming profiles or enabling access-based enumeration for the folder?

I feel like this is something windows should be able to do and it has been too long since I've done sysadmin work that I just can't remember and Google is failing me today.

Windows 2008 R2 Standard
Windows 7 workstations

Thanks in advance

Answer 1

You can prevent caching of network credentials using a group policy. It's under:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

The setting you are after is: "Network Access: Do not allow storage of credentials or .NET Passports for network authentication"

Answer 2

That's not how authentication and authorization works for domain members in an AD domain. Users don't provide their username and password to network resources in order to access those resources. As such there are no Windows credentials stored in Credentials Manager for domain resources.