The user we are running it with is a local account though - and we dont tell the users the pw for that account, which is why we want it cached. This isnt looking good, is it? :(
- Andy O. ________________________________________ From: Christopher [mailto:[email protected]] Sent: Tuesday, May 12, 2009 2:25 PM To: NT System Admin Issues Subject: Re: Runas - local account when joined to domain Try it without the /savecred option. I don't think you need that for what you are trying to do. AFAIK, that option will allow you to runas a user that already has domain credentials cached on the machine when the domain controller is not available.. So I'm guessing what happens is that when you use that option, yet specify a local account (or any domain account without cached credentials - it realizes there are no cached credentials for the username you specified so it tries to find a domain controller to authenticate the account. On Tue, May 12, 2009 at 1:59 PM, Andy Ognenoff <[email protected]> wrote: XP only. Command looks like this: runas /noprofile /savecred /env /user:machinename\username executablename Works fine when in a workgroup or when joined to a domain and a DC is available. - Andy O. ________________________________________ From: Christopher [mailto:[email protected]] Sent: Tuesday, May 12, 2009 1:25 PM To: NT System Admin Issues Subject: Re: Runas - local account when joined to domain Are we talking XP or Vista here? What method are you using to do the Run as? On Tue, May 12, 2009 at 1:12 PM, Andy Ognenoff <[email protected]> wrote: I tried both .\username and machinename\username neither worked. - Andy O. ________________________________________ From: Christopher [mailto:[email protected]] Sent: Tuesday, May 12, 2009 1:09 PM To: NT System Admin Issues Subject: Re: Runas - local account when joined to domain I believe your problem is that it assumes any account is a domain account unless you specify it as a local account, such as u...@mymachine or mymachine\user. Try that and see if it works. On May 12, 2009 12:53 PM, "Andy Ognenoff" <[email protected]> wrote: My google-fu is failing me today and this issue has never come up before for me. I've got a couple applications that we have regular users run (non-admin) that require elevated privileges so we use runas with another local user account that has perms just for the stuff it needs and then we cache those credentials. Since moving to Active Directory, none of the runas commands work if a DC can't be found (mobile users) even though the runas command is using a local account. It says no logon servers are available. Any ideas on how to get around this? - Andy O. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
