I’m not certain that that is true. Exchange, at least, requires Kerberos auth. You can’t run the tools on a non-domain-joined machine. (You can remote PowerShell – if properly configured for CredSSP – to do the double hop.)
But honestly, I don’t know for this example. From: [email protected] [mailto:[email protected]] On Behalf Of Miller Bonnie L. Sent: Monday, April 21, 2014 1:04 PM To: [email protected] Subject: RE: [NTSysADM] GPMC from non-domain machine Agreed that runas SHOULD be able to work, but the non-domain joined VM will need to have some kind of name resolution to the domain for this to work. If you don’t want to point it there via DNS, you may need to edit your hosts (or lmhosts) file to get it to work. There are firewall considerations as well for the LDAP lookup to function. -Bonnie From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Christopher Bodnar Sent: Monday, April 21, 2014 7:40 AM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] GPMC from non-domain machine You should be able to get it to work with a runAs. I mange a few remote domains this way: C:\Windows\System32\runas.exe /netonly /user:RemoteDOMAIN\Jdoe "mmc c:\windows\system32\gpmc.msc /domain=RemoteDomain.contoso.com /server=Contosodc1.RemoteDomain.contoso.com" But you should be able to join the workstation to the domain. Just log on locally, then after the VM's start up, log off and back on again. Or if they are started automatically, just give the DC time to spin up. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> From: James Rankin <[email protected]<mailto:[email protected]>> To: [email protected]<mailto:[email protected]> Date: 04/21/2014 10:13 AM Subject: [NTSysADM] GPMC from non-domain machine Sent by: [email protected]<mailto:[email protected]> ________________________________ I have a non-domain workstation which hosts a variety of virtual machines that are in a domain. Is there any way I could run GPMC from this workstation which isn't joined to a domain? RunAs doesn't seem to cut it... I could join the machine to the domain, but that would be a PITA as I try to capture a cached logon because obviously the DC would never be started as the workstation boots up.... Just wondering if there was a way around this or if it's just a complete "can't be done" Cheers, -- James Rankin --------------------- RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization http://appsensebigot.blogspot.co.uk<http://appsensebigot.blogspot.co.uk/> ________________________________ ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
