UNC Path/2008(R2)+ RDP different credentials causes impersonation issues

[Migs351]

Windows 10 Enterprise

Full AD Domain

Many GP's enforced

Have local admin

 

This one has me puzzled as I've never seen it act like this...

 

I'm a system admin, so I log into multiple servers/shares multiple different ways.  Well, my past jobs have always used the same credentials and just granted my login credentials access to what I needed.  This company, we have aliases that we use... OK, no problem, right... Well... Yeah... here is my problem....  When I connect to a UNC path or RDP Session (2008+ as newer RDP protocols prompt first before actually initializing the connection) and use those alternate credentials, it works as intended, except... my local internet browser (I use Firefox, but tested and it happens in IE as well) after that, starts to think somehow that I am logged in as my alias account.  Our alias accounts are restricted from external web access.  So instead of being able to do my browsing, I am prompted with the companies restricted access page and it shows that it's blocked my Alias user.

 

It's as if I've started my browser with a "runas" /user:domain\alias command, which I obviously have not.  The only fix I've figured out thus far is to lock the computer, and then log back in, which then "refreshes" my own credentials and then I'm browsing once again as myself and no longer restricted.

 

I do not have to restart the browser.

 

I kind of get why this is happening, but I also don't.  The alternate credentials should only be used for the UNC/RDP session... No?

 

Saved Windows Credentials have been disabled at a GP level, so I can't turn those on to use Mapped network drives and save the credentials, otherwise I'd just use that option....

 

Anyone else have this kind of problem?  Any fix for it?

[Migs351]

Anyone have any Ideas?

[Jason S. Global Moderator]

yeah, i dont understand the correlation b/w the RDP/UNC credentials and your local browser... since when does a browser care about your credentials?