Re: netlogon service and LogonUser() API function



As Chuck and I have both indicated, you can't use LogonUser this way. It SPECIFICALLY states in the documentation this won't work with this function.

There are other mechanisms that can be used because you really need the creds on the remote machine, not the local machine. Depending on the interfaces being used to connect to the remote machine, this could mean different mechanisms for authentication. For instance, if doing something against a remote AD you could use LDAP auth when binding. If you need to hit the file system or various RPC items you could establish an IPC$ network connection in the alternate credentials. Depending on the security context you start from and what OS, you could use CreateProcessWithLogonW to establish a set of network credentials to connect to remote machines.



--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


nis.ben@xxxxxxxxx wrote:
there must be a way to authenticate credentials for a domain without
being a member of it.
because when joining a domain, one of the tasks that performed, is
authentication to it. how does the os authenticate with the domain
controller in order to join the domain (before it is part of the
domain)?

my purpose is to create an application that can perform multiple
"administrator tasks" in multiple computers that are part of multiple
domains.
i've succeeded to perform those tasks in one domain, when my computer
is part of it (the process used "logonuser()" to get administrator
credentials). when i tried to logon to other domains, or when i used a
computer in a workgroup, my application failed to get administrator
credentials in the domain.

maybe there's other way to get administrator credentials of a certain
domain (without being part of it)?
or maybe the application should perform: join a domain, authenticate,
perform tasks, leave domain? (is it possible?)

thanx in advance,
Ben
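
One of the mechanisms named in the reply, an IPC$ network connection under alternate credentials, as an added example that is not part of the original thread. It assumes the Win32 WNetAddConnection2 call (link with mpr.lib on Windows); the helper names build_ipc_path, ipc_connect and ipc_disconnect are hypothetical.

```c
/* Added example: authenticate to \\host\IPC$ with credentials for a domain
   the local machine is not a member of. Windows build: cl ipc.c mpr.lib */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winnetwk.h>
#endif

/* Build "\\host\IPC$" into out. Rejects empty hosts and hosts containing
   separators or spaces, so input cannot point the session at another share.
   Returns 0 on success, -1 on bad input or a buffer that is too small. */
int build_ipc_path(const char *host, char *out, size_t outlen)
{
    if (host == NULL || out == NULL || host[0] == '\0') return -1;
    if (strpbrk(host, "\\/ ") != NULL) return -1;
    int n = snprintf(out, outlen, "\\\\%s\\IPC$", host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Connect as user (DOMAIN\name or UPN form). The remote machine validates
   the credentials. Returns 0 on success, a Win32 error code on failure,
   -1 on bad input or when built on a non-Windows platform. */
long ipc_connect(const char *host, const char *user, const char *password)
{
    char remote[300];
    if (build_ipc_path(host, remote, sizeof remote) != 0) return -1;
#ifdef _WIN32
    NETRESOURCEA nr;
    memset(&nr, 0, sizeof nr);
    nr.dwType = RESOURCETYPE_ANY;
    nr.lpRemoteName = remote;        /* lpLocalName stays NULL: no drive letter */
    return (long)WNetAddConnection2A(&nr, password, user, 0); /* 0: not persistent */
#else
    (void)user; (void)password;
    return -1;
#endif
}

/* Drop the session so the alternate credentials do not linger. */
long ipc_disconnect(const char *host)
{
    char remote[300];
    if (build_ipc_path(host, remote, sizeof remote) != 0) return -1;
#ifdef _WIN32
    return (long)WNetCancelConnection2A(remote, 0, TRUE);
#else
    return -1;
#endif
}
```

While the session is open, file and RPC calls from the same logon session to that host use the supplied credentials; call ipc_disconnect when the tasks are done.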
