0

Sorry about the odd title, can't think of a good way to paraphrase this one.

I have a Win2008 server that is not in a domain. I have two Win2003 machines, one in the domain, one not. All of them have a local account named "testAdmin" with the same password on all three.

By using the synchronized local account, the Win2003 machine can connect to the Win2008 server via RDC, can read the remote Application Event Log, etc.

If I login to the Win2003 domain-attached machine with a domain account, and then try to connect to the Win2008 machine, no dice (expected -- 2008 isn't part of the domain). However, if I use the Windows Event Log Viewer, and try to connect to the Win2008 machine, giving the synchronized local account and password, it still doesn't work (access denied).

Odder still: I can issue a 

NET USE \\<win2008>\IPC$ <local_password> /USER:<2003-local-account>

The IPC$ attach works -- it shows up in a blank NET USE command. However, if I try and look at the Win2008 Event Log, I still get access denied.

So somehow the 2008 machine can tell whether I'm impersonating the local account on the 2003 machine. How can it do this? How can I get the 2008 machine to let me in when logged in as a domain account but use the local account credentials?

DougN
  • 670
  • 2
  • 7
  • 16

2 Answers2

1

When you are trying to login to the 2008 machine, are you using <2008machinename>\testAdmin as the credentials?

DanBig
  • 11,423
  • 1
  • 29
  • 53
  • Tried both <2008>\testAdmin and just testAdmin (using local machine). This is the oddest thing I've come across... – DougN Aug 03 '09 at 15:31
  • How about creating a new local account on the 2008 box, just to rule out the 'same-username/diff system" similarity? – DanBig Aug 03 '09 at 16:05
0

A user is defined by Domainname\Username. If you dont supply the Domainname, a server make an assumption about the domain. A non-domain server will always assume domain = local_server_name. A member server will usually assume domain = domainname. Still, the member server has its own local domain. Only Domain Controllers dont have this local domain.

You are dealing with 4 domains:

domain, 2003_server1, 2003_server2, 2008_server.

since all users are called the same, and the passwords are the same, things work sometimes. Especially, with

NET USE \\IPC$ /USER:<2003-local-account>

the win2008 assumes the user is it´s local account. /user:2003_server1\2003-local-account is something entirely different.

Please retry the whole shebang while giving explicit domain/local credentials all the time, and you will see it makes sense.

Posipiet
  • 644
  • 5
  • 4