Ok...my terminology must be wrong. :) I'm using the /savecred option of runas with a local account that has special permissions.
I think I may just dump runas and try cpau instead. I'll see if that works both in a workgroup and domain. - Andy O. >-----Original Message----- >From: Ken Schaefer [mailto:[email protected]] >Sent: Wednesday, May 13, 2009 8:47 AM >To: NT System Admin Issues >Subject: RE: RE: Runas - local account when joined to domain > >Um, how can you use "cached credentials" with local accounts? Since the >local security authority is always available (Windows will BSOD if it's >not), you're always authenticating against the same, not using any >credentials that are "cached" > >Cheers >Ken > >________________________________________ >From: Andy Ognenoff [[email protected]] >Sent: Wednesday, 13 May 2009 11:28 PM >To: NT System Admin Issues >Subject: RE: RE: Runas - local account when joined to domain > >Not true - I've been using cached credentials with local accounts for years >without issue in these exact scripts. Previously we'd been a Netware >environment (so Windows workgroup) and everything worked perfectly. Only >since joining to our new domain has this been an issue. > > - Andy O. >________________________________________ >From: Christopher [mailto:[email protected]] >Sent: Tuesday, May 12, 2009 8:06 PM >To: NT System Admin Issues >Subject: Re: RE: Runas - local account when joined to domain > >I just realized this, so to clear things up, I don't think you understand >how cached credentials are meant to be used... you can't 'cache' local >credentials in that way (you can't cache local credentials in any way, if >I'm thinking right) >Cached credentials are merely for situations where a DC is not available, >so >the password entered is checked against the local cache of domain >credentials (the # of logins cached is set via group policy) > You want it to be where you don't have to enter a password at all, which >is not how it's meant to work. You're barking up the wrong tree. Sorry I >don't have a solution, but I thought I'd at least mention that you won't >get >what you want with cached credentials and 'runas'... > > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
