Hi, - -----Original Message----- - From: [EMAIL PROTECTED] [mailto:wpkg-users- - [EMAIL PROTECTED] On Behalf Of Tomasz Chmielewski - Sent: 04 November 2008 10:21 - To: Kai Pastor - Cc: [email protected] - Subject: Re: [wpkg-users] Can't use computer account authentication - with WPKG Client 1.3.6 - - Kai Pastor schrieb: - > Although usually running under the local SYSTEM account, WPKG client - never - > properly supported using the computer account for connecting to the - WPKG - > file path on the network. In september, I explained a workaround: I - added - > double quotes to the UNC path ("\\mydomain\dfs\wpkg\wpkg.js") in - order to - > prevent WPKG client from calling WNetAddConnection2. - > - > WPKG Client 1.3.6 seems to recognize a UNC path even within double - quotes - > (which is good). It always calls WNetAddConnection2 with the - credentials - > [not] specified. - > - > In "Test settings"-mode, it complains that multiple connections with - > different credentials are not allowed: - > - > Message: WNetAddConnection2-> Mehrfache Verbindungen zu einem Server - oder - > einer freigegebenen Ressource von demselben Benutzer unter Verwendung - > mehrerer Benutzernamen sind nicht zulässig. Trennen Sie alle früheren - > Verbindungen zu dem Server bzw. der freigegebenen Ressource, und - versuchen - > Sie es erneut. - - This is normal in Windows - this system just can't connect to the same - share/server with different credentials. - So if you're already connected to that share i.e. as Administrator, you - won't connect to that share as a different user. - Workaround - use a different server name. - - - > When starting as a service, it fails with "access denied": - > - > WNetAddConnection2-> Zugriff verweigert - > - > - > So it is no longer possible to use the computer account for - > authentification. This is bad news. This authentication seems most - > appropriate to me in an AD/DFS setup. - - It worked before for you by pure accident, as this feature was never - planned. Now it doesn't work, as one slight bug was fixed. - - However, it makes perfect sense to add a switch like "use computer - account credentials" for connecting. So it should be added to the next - version. -
Question :-) In theory, (although it's probably not as simple programmatically) doesn't LocalSystem attempt connections as the machine account? By that I mean, <computername>$ and not just <computername>. Is the "use computer credentials" option just because people are missing the point of adding a $ to the computer name or share security? Sorry... it's a naïve thought again but I could see it as a easy oversight. I've spent far too much time handling this idea in scripts! Keefy - - > Could WPKG client skip WNetAddConnection2 when the WPKG path user is - NOT - > specified? - > - > There is also no source code yet for release 1.3.6 - - I'll try to upload it this week. Or, if you want to help with the code, - I might do it earlier, let me know. - - - -- - Tomasz Chmielewski - http://wpkg.org - - ----------------------------------------------------------------------- - -- - wpkg-users mailing list archives >> - http://lists.wpkg.org/pipermail/wpkg-users/ - _______________________________________________ - wpkg-users mailing list - [email protected] - http://lists.wpkg.org/mailman/listinfo/wpkg-users ------------------------------------------------------------------------- wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/ _______________________________________________ wpkg-users mailing list [email protected] http://lists.wpkg.org/mailman/listinfo/wpkg-users
