Sorry about the odd title, can't think of a good way to paraphrase this one.
I have a Win2008 server that is not in a domain. I have two Win2003 machines, one in the domain, one not. All of them have a local account named "testAdmin" with the same password on all three.
By using the synchronized local account, the Win2003 machine can connect to the Win2008 server via RDC, can read the remote Application Event Log, etc.
If I log in to the Win2003 domain-attached machine with a domain account, and then try to connect to the Win2008 machine, no dice (expected -- 2008 isn't part of the domain). However, if I use the Windows Event Log Viewer, and try to connect to the Win2008 machine, giving the synchronized local account and password, it still doesn't work (access denied).
Odder still: I can issue a
NET USE \\<win2008>\IPC$ <local_password> /USER:<2003-local-account>
The IPC$ attach works -- it shows up in a blank NET USE command. However, if I try and look at the Win2008 Event Log, I still get access denied.
So somehow the 2008 machine can tell whether I'm impersonating the local account on the 2003 machine. How can it do this? How can I get the 2008 machine to let me in when logged in as a domain account but use the local account credentials?
When you are trying to log in to the 2008 machine, are you using <2008machinename>\testAdmin as the credentials?
A user is defined by Domainname\Username. If you don't supply the Domainname, a server makes an assumption about the domain. A non-domain server will always assume domain = local_server_name. A member server will usually assume domain = domainname. Still, the member server has its own local domain. Only Domain Controllers don't have this local domain.
You are dealing with 4 domains:
domain, 2003_server1, 2003_server2, 2008_server.
Since all users are called the same, and the passwords are the same, things work sometimes. Especially, with
the win2008 assumes the user is its local account. /user:2003_server1\2003-local-account is something entirely different.
Please retry the whole shebang while giving explicit domain/local credentials all the time, and you will see it makes sense.