-1

If I have a domain called "HOUSE" with user "JOHN", would it be possible to rename a PC to "HOUSE" with a local user called "JOHN"?

So both would then be HOUSE\JOHN.

Edit: I should add, the PC is on the domain "HOUSE".

Carl Reid
  • 3
    What are you trying to solve? – ceejayoz Feb 24 '15 at 16:44
  • I'm not trying to solve something, I was just wondering if I could spoof a username of "HOUSE\JOHN" (domain\user) without knowing the domain's "HOUSE\JOHN" password. (pcname\user) – Carl Reid Feb 24 '15 at 17:18
  • I think what you're trying to ask is that if both the domain and local host have the same name, in this case "house", which context is the user logged in as (domain or local machine)? – Colyn1337 Feb 24 '15 at 18:04

2 Answers

7

Yes, it will let you create a domain computer object with the same name as the domain. However, the default context (at the login screen) will be domain login, rather than local login, and will require valid domain credentials to authenticate.

If you manage to log in locally to the PC, it will not grant you domain-level access. The names of the domain and computer are just labels for your reference. Accounts are internally referenced by various ids. Having the same name does not somehow let you slip in the backdoor. Active Directory correctly recognizes the domain and the computer as distinct locals with separate permission sets.

Setting the names the same just makes it harder to select the context you want.

Jon Moody
  • Fast typist! ;) Serves me right for being long-winded. – Katherine Villyard Feb 24 '15 at 20:01
  • 1
    And while typing that I even made a computer object on my domain that matched the name just to make sure I remembered correctly. ;) – Jon Moody Feb 24 '15 at 20:07
  • I just googled to make sure I remembered correctly. ;) – Katherine Villyard Feb 24 '15 at 20:08
  • So a user with admin rights on the PC wouldn't be able to rename their PC to be "HOUSE"? It's just that WindowsIdentity.GetCurrent().Name would return "HOUSE\JOHN" in both cases if it is possible. I'm not trying to slip into a backdoor in Active Directory, just appear as an AD user when that code is called. – Carl Reid Feb 25 '15 at 08:09
  • More specifically, a user with local admin rights cannot change the PC name at all without removing the computer from the domain. To function on the domain the computer has a matching computer object in AD, which requires domain admin privilege to create or modify. – Jon Moody Feb 25 '15 at 14:58
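Added example, not part of the original thread: the answer above notes that accounts are referenced internally by ids rather than by name, so code that needs to know whether a caller is a domain account can compare the account's SID against the domain's SID instead of trusting the string from `WindowsIdentity.GetCurrent().Name`. The SID values, the `CallerCheck` class and the `IsIssuedByDomain` helper are constructed for illustration; a real service would obtain the domain SID from configuration or a domain controller.

```csharp
using System;
using System.Security.Principal;

static class CallerCheck
{
    // Constructed placeholder for the HOUSE domain's SID (assumption, not from the thread).
    const string HouseDomainSid = "S-1-5-21-1000000001-1000000002-1000000003";

    // True only when the account SID was issued by the expected domain.
    // AccountDomainSid is null for SIDs that are not account SIDs
    // (for example well-known SIDs such as S-1-5-18).
    public static bool IsIssuedByDomain(SecurityIdentifier account, SecurityIdentifier domain)
    {
        SecurityIdentifier issuer = account.AccountDomainSid;
        return issuer != null && issuer.Equals(domain);
    }

    static void Main()
    {
        var house = new SecurityIdentifier(HouseDomainSid);

        // Constructed samples for the thread's scenario: a domain JOHN and a local JOHN.
        var domainJohn = new SecurityIdentifier(HouseDomainSid + "-1104");
        // A local account's SID is built from the machine's own SID, not the domain's.
        var localJohn = new SecurityIdentifier("S-1-5-21-2000000001-2000000002-2000000003-1001");

        Console.WriteLine("domain JOHN issued by HOUSE: {0}", IsIssuedByDomain(domainJohn, house));
        Console.WriteLine("local JOHN issued by HOUSE:  {0}", IsIssuedByDomain(localJohn, house));

        // The same check applied to the identity this process is running as.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("{0} ({1}) issued by HOUSE: {2}",
                current.Name, current.User, IsIssuedByDomain(current.User, house));
        }
    }
}
```

The name string is only a display label here; the decision rests on the SID prefix, which a renamed machine does not share with the domain.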
2

In response to your comment:

I'm not trying to solve something, I was just wondering if I could spoof a username of "HOUSE\JOHN" (domain\user) without knowing the domain's "HOUSE\JOHN" password. (pcname\user)

I assume that you're referring to accessing shares or whatever.

No, if you name your computer DOMAINNAME and use a local user account with the same name as a domain account, you will not get access to the domain account's stuff.

If the resource is using Kerberos, it will request a Kerberos ticket. You get a Kerberos ticket from the domain controller, after providing a timestamp encrypted with the user's password hash from an approved workstation. The domain controller will not be "fooled" into issuing a Kerberos ticket to a local account because of similar names. (That's an oversimplification; there's more information on Kerberos here and here.)

If the resource is using NTLM, it will send a one-way hash of the current password to the resource. (Also a simplification; see more here.)

(Active Directory would consider the PC named House in the House domain to be HOUSE\House. Here's an article on AD naming conventions.)

Katherine Villyard