Database Search
If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.
TechHome
wNT
 |
- 1219 Error with AddDrive
- Account Expires after wntUserAddDat
- Add Domain Group to Local Administrator Remotely
- Add Everyone to Administrators Group
- Add Global Groups in Domain
- Adding Domain to Workstation
- Adding Users and Setting Flags
- Adds User Account to Local Administrator Group
- Allow Inheritable Permissions from Parent
- Builtin Group SID convert to Name
- Bypass NT Ctrl Alt Del to Logon
- Changing Computer Name and Machine Account
- Changing Domain Passwords Sample Code
- Check For Disabled Computer Account
- Check if You Have Local Admin Rights
- Checking an Accounts Password
- Checking for Old Users
- Convert SID to User ID
- Converting SID to Domain - Account Name
- Create Directories and Set NT Access Permissions
- Dealling With Inheritiable Permissions
- Decode Logon Hours
- Determine if Computer is in a Workgroup or Domain
- Determine if PC is Member of Domain
- Determine Inheritance
- Determining if Current User is Authenticated
- Disable Allow Inheritable Permissions
- Domain Trusts Explained
- Error 673 WntPrivAdd
- Error 684 using wntAccess functions
- Find Domain for a Computer
- Foreign Language support of the Win32 Network Extender
- Get a Users Primary Group
- Get Domain User Info
- Get Machine Administrator Userid
- Get SID from Username
- Get the Currently Logged on User in NT
- Get the SID of a Workstation
- Get User Name and wntUserProps
- How to determine if a file is in use on LAN
- How to disable Allow inheritable permissions
- How to Get the Local Adminstrator Account
- How WntServerList Determines a Server
- Inherit NTFS Persmissions
- Interpreting Access Rights
- Is Domain User a Local Admin
- Is User Logged into Domain or Local Account
- Is wntChgPswd Encrypted
- Issue with AccessMod on Remote Machine
- Keeping Track of Last User Login
- List only Windows 2000 Systems
- List Open Connections
- List Terminal Servers
- Listing Directory Shares with Permissions
- Losing Mapped Drive Connections in XP
- Matching SID to ProfileList folder
- NT Auditing
- NT Extender and NT4 No Service Packs
- NT Network Extender and UPN Account Names
- Obtain Share Permissions
- Obtain user sid
- Port Required for WntUserGetDat
- Problems caused by ADMT
- Pull Trusted Domain List
- Reboot user with no shutdown privileges
- Remotely Reboot and wntShutDown
- Remove Everyone Access from D
- Rename User in an AD Domain
- Reset Passwords in Active Directory
- Reset Permissions when Inheritable is Enabled
- Rights to use wntFileUsers
- Runwithlogon and Bad Username
- RunWithLogon Parameter Size
- RunWithLogon versus RunAsUser
- Searching NT Users and Find by Last Name
- Server Description Field
- Setting File Permissions with wntAccessAdd
- Setting NT Policies
- Setting Service Permissions
- Shutdown All NT Servers
- SID values - AD - round tripping and ADMT
- Synchronize password from NT Domain to Novell
- The NT extender functions in Active Directories
- Trouble determining admin rights
- Trusting Domain List
- Unlock Account with wntUserSetDat
- User Login and Log out Information
- User Profile Last Logon
- Win 2000 AutoAdminLogon
- wntAccess... and Specifying Remote Drives
- WntAccessAdd and Change Modify Registry
- wntAccessAdd and Inherited Rights
- WntAccessAdd and Inheritence
- wntAccessAdd and Invalid User - Group
- wntAccessAdd and NTFS
- WntAccessAdd error 546 Invalid file directory name
- wntAccessAdd Inheritable Permissions
- wntAccessAdd Problem on NT 4
- wntAccessAdd Share Problem on Windows 7
- wntAccessAdd versus w95AccessAdd Tips
- wntAccessDel Error 599 Invalid Level
- wntAccessGet and Username Parameter
- WntAccessList DFS share
- wntAccessList Problem
- wntAccessMod Registry Issue
- wntAcctList Returns Incorrect Flag Values
- wntAcctPolSet Error
- wntAddDrive and Unicode
- WntAddDrive launches an Explorer window
- wntAddPrinter after WntRunAsUser
- wntauditadd and inheritance
- wntAuditAdd and MS Patch
- WntCancelCon Error 511 Device in Use
- wntChgPswd 562 Invalid User Name
- wntChgPswd and Error 586
- wntChgPswd and Error 589 Error Changing Password
- wntChgPswd and Error 677
- wntChgPswd behavior different between W2K and NT4
- wntCurrUsers Behavior
- wntDomainSync Error 695
- wntEventLog Problem
- wntGetCon Error 509 Network component is Not Started or Invalid
- wntMemberDel- error 571
- wntMemberGrps returns 0 on DC running AD
- wntMemberGrps wntMemberSet - 562 invalid user name
- wntMemberList Behavior
- wntMemberList Error 522
- wntMemberList Problems
- wntOwnerGet - wntOwnerSet Tips
- wntOwnerSet Error 547
- wntRemoteTime and 530 Access Denied Error
- wntRemoteTime and Daylight Savings Time
- wntRunAsUser -- Security Side Effects
- wntRunAsUser 713 Unable to Set Window Station Access
- wntRunAsUser and Act as Part of OS Clarification
- wntRunAsUser and Called Scripts
- wntRunAsUser and Debugging Problem
- wntRunAsUser and No Permission on Local Machine
- wntRunAsUser Discussion in French
- wntRunAsUser Error 637
- wntRunAsUser Error 638
- wntRunAsUser Function - 1
- wntRunAsUser Function - 2
- wntRunAsUser Function - 3
- wntRunAsUser Function Used Twice in Script
- wntRunAsUser RunWithLogon Security Context
- wntRunAsUser to AutoAdminLogon after Reboot
- wntRunAsUser Windowstation and Desktop Permissions on WinXP
- wntServerList and wntServiceAt
- wntServerType
- wntShutDown Error 694
- wntUser... and Update User Accounts
- wntUserAdd Adding a Domain User
- wntUserAdd Bug
- WntUserAddDat and Max_storage
- wntUserGetDat 524 Unable to Access Specified Server
- wntUserGetDat and Logon_hours Flag
- wntUserSetDat and Logon Hours
- wNTUserXXXDat Function and Flags
- wxxUserGetDat and Last Logon Date
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
wntRunAsUser and No Permissions on Local Machine
Keywords: wntRunAsUser Permissions on Local Machine
User:
Does wntRunAsUser need to be run from a domain account in the same domain that you will be trying to authenticate against?When I do wntRunAsUser(\\pdc,user,password,3,1) I get an error 639(logon failure)...the username and password are correct; however when I look at my local event logs I see a failed logon attempt(529) the domain is correct in the event record? but when I go to \\pdc I see no failed logon attempts... anyone got any ideas? Thanks!
Tech Support:
What does "user" look likeIf it is of the format "joe" then it will use "joe" in the //pdc I think
If you use the format "otherdc/joe" or was it "otherdc\joe" then it will try to authenticate to the "otherdc" domain.
User (cont'd):
I've tried user every way I can think of:domain\user, domain/user, user@domain ...
they still all only show up in the local event logs...
along with the local 529 errors there are also 681 errors with an errorcode of 3221225572 which corresponds to "User logon with misspelled or bad user account", which locally speaking is true because there is no local "user" account...
Tech Support:
The PC you are running the script on is in Domain A, but you want to RunAs a user from Domain B. Is PDC a server in Domain A or B? And is there any trust between the domains? Can you map to the PDC (or other server in Domain B) and connect using the username and password you have?User (cont'd):
Actually, the PC(w2k srv sp3) I'm running the script from is in Domain A of Forest1 and PDC is a (w2k srv sp3)Server in Domain B of Forest2. There is no problem in mapping a drive manually or even using the UNC style mount(it'll ask me for alternate credentials but it works fine)Tech Support:
Also look in the wwwbatch.ini file in your Windows directory and see if there is additional error diagnostic info in there.User (cont'd):
Here's what's in wwwbatch.ini:[WWWNT34I] LastError=1326 (LogonUser)
Tech Support:
// // MessageId: ERROR_LOGON_FAILURE // // MessageText: // // Logon failure: unknown user name or bad password. // #define ERROR_LOGON_FAILURE 1326LAnd the errors are in your local event log? do you have access to the PDC event log, is there anything in there about it?
Post a sample script that does not work (replace username/password etc, but other than that leave as is).
User (cont'd):
Yeah I have access to the PDC event logs...there's nothing in them (pertaining to this) .... no evidence that it's even trying to authenticate against PDC...My sample script is pretty short since the wntrunasuser is at the beginning:
addExtender("wwwnt34i.dll")
DebugTrace(@on, "debugme.txt")
srv="\\servername"
user=user
password=password
wntRunAsUser(srv, user, password,3,1)
and it blows up...
Tech Support:
wntRunAsUser will take a Domain as the first param. Maybe try that?User (cont'd):
Tried domain as the first parameter; didn't work:(Thanks for all of these suggestions though!
Tech Support:
Instead of:user=user password=passwordwhich would give an error that the variable user is undefined, please fake up a more realistic looking sample like:
user="Domain7\jdoe" password="fudgesicles"as obviously the main problem seems to be in the setitngs of these parameters.
And you *are* trying to log on to \\PDC ??
or are you trying to log on to the local machine? What machine are you trying to get security permissions for? \\PDC or the local machine?
For the local machine the first parameter should be ""
User (cont'd):
I'm on the local machine and I need to authenticate as a domain account on \\PDC that has access to resources on yet another machine. does this make sense or am I just tangling the web even more?Tech Support:
Does the user you are trying to authenticate as have permissions to run on the local machine?Maybe you are getting kicked off the local machine.
User (cont'd):
No, because local machine is not in the same forest as the user... does the user need permissions to run on the local machine? I wouldn't think that that would be necessary...Let me try to explain my situation a little better...
-I'm running this script from computerA in forest1
-I need to access a share and change the privledges of that share on computerB of domainX in forest2
-The only user that has rights to assign privledges to the share on computerB is userA
-userA is a domain user account of domainY in forest2
-so I need to runas userA from ComputerA but I can't:(
Tech Support:
I think maybe the user you are trying to run as also needs permission to execute on the local machine....because that is where the script is executing, and otherwise we have an unauthorized user executing code on the local machine....That's my best guess anyway.
Article ID: W15565
File Created: 2003:05:13:11:28:56
Last Updated: 2003:05:13:11:28:56