
Accessing resources between non-trusted domains

Posted by dnebeker on September 12, 2006, 9:53 am
I'm trying to get my head around this but am having trouble (if you can
suggest good Google keywords, I'll be happy to go search further).

I have machine1 in domainA. It needs to read the event log of machine2 in
domainB. There is no trust relationship between the domains. I've figured
out that I could have two local machine accounts on the two machines that
have identical username and passwords, and this seems to work.

However, I'd like to somehow have machine1 impersonate a user in domainB
and make the request. I thought I could use the LogonUser and
ImpersonateUser APIs, but LogonUser won't work since machine1 doesn't know
about domainB users.

I was about to give up hope, but someone showed me that from machine1 they
can use Explorer and open a UNC path to machine2. They get prompted for
credentials, enter a domainB account, and get in. How did that work??? What
APIs were involved?

Thanks for any hints you can send my way.



Posted by Patrick Steranka on September 12, 2006, 12:00 pm
You can use:

Step 1: Login to domain 1, and open cmd prompt.
Step 2: Logon to domain 2 as an "admin" (as follows)

net use \\domain2\host-on-you-want-to-access /user:DOMAIN2\administrator
# NOTE: You'll be prompted to enter a password here. If you wanted you
# could put the password on the above line

Step 3: Now that you're authenticated on the remote machine, you'll be able
to access its event log. I believe.

HTH,
Patrick



Posted by dnebeker on September 12, 2006, 2:43 pm
Thanks Patrick. So it definitely works.

Does anyone have any idea how this is happening under the covers (ie, what
API calls enable this)? I need to write a program that can get to server2.
I can accept credentials from the user for domainB, but I'm not sure how to
use them (LogonUser doesn't seem to work).

Thanks for any ideas.

Posted by Patrick Steranka on September 12, 2006, 4:35 pm
There are a few different APIs depending on what level you're coming from:
(1) COM, (2) .NET, (3) C++/Operating System

I believe they all end up calling the OS calls. There's a book called
"Programming Windows Security" by Keith Brown

(See
http://www.amazon.com/Programming-Windows-Security-Keith-Brown/dp/0201604426/sr=1-1/qid=1158092967/ref=pd_bbs_1/103-6512632-1471008?ie=UTF8&s=books)
(NOTE: URL may have wrapped)

that contains a wealth of information. Pg 95 in the book has a section titled
Creating new Logon Sessions that probably has what you need.
It refers to LogonUser.

(See URL
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/logonuser.asp)
(NOTE: URL may have wrapped)

I haven't ever done this but I've read about it.

HTH, and good luck with it,
Patrick



Posted by dnebeker on September 13, 2006, 9:58 am
I'll post the answer for any that come after: WNetAddConnection2 (as simple
as that!)
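The following is an added example, not code posted in this thread. It does in a program what Patrick's `net use` step does by hand and what dnebeker's answer names: it calls WNetAddConnection2 to open an IPC$ session to a server in an untrusted domain using explicit domainB credentials, reads that server's Application log over the session with System.Diagnostics.EventLog, and then tears the session down with WNetCancelConnection2. The server and account names are placeholders supplied on the command line; the class name and helper names are this example's own.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

// Added example (not from the thread): authenticate to a server in an
// untrusted domain with explicit credentials, read its event log, disconnect.
static class CrossDomainEventLog
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    private struct NETRESOURCE
    {
        public uint dwScope;
        public uint dwType;
        public uint dwDisplayType;
        public uint dwUsage;
        public string lpLocalName;
        public string lpRemoteName;
        public string lpComment;
        public string lpProvider;
    }

    private const uint RESOURCETYPE_ANY = 0;
    private const int NO_ERROR = 0;
    private const int ERROR_SESSION_CREDENTIAL_CONFLICT = 1219; // "multiple connections ... not allowed"

    [DllImport("mpr.dll", CharSet = CharSet.Unicode, EntryPoint = "WNetAddConnection2W")]
    private static extern int WNetAddConnection2(ref NETRESOURCE netResource,
                                                 string password, string userName, uint flags);

    [DllImport("mpr.dll", CharSet = CharSet.Unicode, EntryPoint = "WNetCancelConnection2W")]
    private static extern int WNetCancelConnection2(string name, uint flags, bool force);

    // Opens an IPC$ session to `server` as `userName` (DOMAINB\user). No drive
    // letter is mapped; the session exists so that later named-pipe RPCs to the
    // server, including the remote event log service, use these credentials.
    public static void Connect(string server, string userName, string password)
    {
        var res = new NETRESOURCE
        {
            dwType = RESOURCETYPE_ANY,
            lpRemoteName = @"\\" + server + @"\IPC$",
        };
        int rc = WNetAddConnection2(ref res, password, userName, 0);
        if (rc == NO_ERROR)
            return;
        if (rc == ERROR_SESSION_CREDENTIAL_CONFLICT)
            // A session to this server already exists under other credentials
            // (for example Explorer still has the UNC path open). SMB allows one
            // set of credentials per server per logon session.
            throw new InvalidOperationException(
                "Already connected to " + server + " with different credentials; " +
                "run 'net use \\\\" + server + " /delete' first.");
        throw new Win32Exception(rc); // 1326 = logon failure, 5 = access denied, ...
    }

    public static void Disconnect(string server)
    {
        WNetCancelConnection2(@"\\" + server + @"\IPC$", 0, true);
    }

    public static void Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: CrossDomainEventLog <server> <DOMAIN\\user>");
            return;
        }
        string server = args[0], user = args[1];
        Console.Error.Write("Password for " + user + ": ");
        string password = Console.ReadLine(); // demo only: echoes; use a credential prompt in real code

        Connect(server, user, password);
        try
        {
            // EventLog talks to \\server over the event log RPC interface; it
            // rides on the session established above, so no LogonUser is needed.
            using (var log = new EventLog("Application", server))
            {
                int shown = 0;
                for (int i = log.Entries.Count - 1; i >= 0 && shown < 10; i--, shown++)
                {
                    EventLogEntry e = log.Entries[i];
                    Console.WriteLine("{0:u} {1,-12} {2} {3}",
                                      e.TimeGenerated, e.EntryType, e.Source, e.InstanceId);
                }
            }
        }
        finally
        {
            Disconnect(server); // drop the session so the credentials do not linger
        }
    }
}
```

The error-1219 branch is the failure mode most people hit when scripting this: if the same logon session already has a connection to that server under different credentials (the Explorer window from the first post, for instance), the new connection is refused until the old one is deleted. On the LogonUser question raised in the thread: LogonUser does work for this case when called with the logon type LOGON32_LOGON_NEW_CREDENTIALS and provider LOGON32_PROVIDER_WINNT50; with that type the credentials are not validated locally at all but are used for outbound network authentication only, which is why the local machine's ignorance of domainB accounts does not matter. Either route leaves the remote server's security log showing a logon by the domainB account from machine1, which is what an auditor should expect to see.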
