Home / server / Questions / 88208
In Process
Ian
Asked: 2009-11-26 03:41:29 +0800 CST

Mimic the behavior of a machine added to a domain

  • 772

For some reason, the IT department at our company does not want to add Windows 7 and Windows Vista machine to the domain controller.

I hate to always provide my network credentials everytime I access a shared folder on a machine that is joined to the domain. I also hate to always provide my password when I launch outlook or Visual Studio (Team Explorer).

Is there a way to mimic the behavior of a machine that is added to a domain without actually adding the machine in the domain?

For shares, I can create a batch file that will NET USE the different fileservers we use here but that is a huge security risk as I will type my password as plaintext.

Thanks!

networking

4 Answers

  1. Jon was on the right track with Kerberos, but didn't go into specifics.

    On the server, you need to create a machine account. Hold on to the password.

    You need to map your local account on your box with your account on the domain. From the command line:

    ksetup /setrealm YOURDOMAIN.TLD
ksetup /addkdc YOURDOMAIN.TLD yourkdc.yourdomain.tld
ksetup /setmachpassword the-password-from-above
ksetup /mapuser [email protected] yourlocalaccount

    (the KDC in step two is usually the domain controller)

    You can now access all Kerberised services, but your machine has not actually been joined to the domain.

    • 2

  2. what you desire is possible. follow this tutorial

    http://codebetter.com/jameskovacs/2009/10/12/tip-how-to-run-programs-as-a-domain-user-from-a-non-domain-computer/

    its a beautiful thing. :)

    • 1

  3. A Windows (&Samba potentially) domain will use a single sign on system called Kerberos to authenticate you when you log in. Once you have been granted a Kerberos ticket you can access any "kerberised" service without having to type your username and password again - such as your file server.

    You may have some success by ensuring your local Windows account uses the same username and password as your domain account and for instance mapping the network drive. Also you can frequently save your credentials in the applications - but this obviously a potential security issue and as anybody who has ticked Outlook's save password box can tell you it frequently doesn't work.

    This may help you to get Oulook to remeber the passsword: MS Technet article

    • 0

  4. You can also create a batch script that will take the first parameter of the script as your password and pass it to the net use scripts within the batch file.

    You could also leave out the password as a parameter and have it prompt you, then add the batch file to your startup items.

    My main question would be why the IT Department won't let you join it to the domain? Is it a personal machine? If it is I wouldn't be happy in my office for it to be even connected to the physical network never mind the domain.

    • 0