• State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 19 subscribers
  • Views 667 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Problem with registry access when switching domains.

tjjenkin

I have a problem with 2 workstations that used to be a member of "domain2".  They now are members of "domain3".  My admin PC is on "domain1".  Domain2 and domain1 did have a trust relationship.  Domain3 and domain1 do not have a trust relationship.  Both of the remote workstations in question have Windows 7 64-bit.  My PC is running Windows 7 32-bit.

Using my domain1 credentials to run the software, I do not have registry access, cannot view services, cannot install the remote service, etc (error 5, access is denied).  If I run the software with a local PC account on my domain1 machine, I am able to complete all actions on the domain3 PCs.  I have Dameware set to pass the domain3 admin credentials when authenticating.

For some reason, it seems that there are some "leftover" credentials or permissions associated with my domain1 account on the domain3 (formerly domain2) PCs.  I have scoured the remote PCs for stored passwords, profiles, or permissions that might refer to my domain1 account and have found none.  I have deleted all stored passwords.

For the other identical PC's that are now a part of domain3 (but were in workgroups before), everything works as it should with no problem.

Can someone point me in a direction on what might be causing this problem?

If I attempt to connect to the registry of the 2 problem workstations with regedit, regedit will connect without asking for a password - it shouldn't, my domain1 account should have no permissions or trust on the domain3 machines.  Once it does connect, I am only able to view a few keys that are set to "Everyone" read permission.  Domain3 machines that were never part of domain2, ask for credentials when I do this, so I enter the domain3 credentials and have full registry access.

Thanks for any light you can shed on this!

  • 0

    So under Tools->Login As we have the "domain3" credentials? Can we make sure "Close any current connections to this machine" is checked?

  • 0 in reply to rob.hock

    Yes, under Tools->Login As, I have the domain3 credentials.  And the close connections box is checked.  These are set as the default security credentials.

    If I am on one of the problem workstations in Dameware from my domain1 PC, and click the Login As, I get this error:

    Failed to logon.

    System Error: 1326

    System Message:

    Logon failure: unknown user name or bad password.

    I am using the domain admin credential - and this same credential works on all the other domain3 PC's I have set up in Dameware - the ones that were never joined to domain2.

    If I go to the remote PC, and use these same credentials they log me into the PC.  The PC's are for sure joined to domain3.

  • 0 in reply to tjjenkin

    Just for comparison purposes, can we try to login as the local administrator on the remote workstation from the DameWare console?

  • 0 in reply to rob.hock

    I get the same exact response and error message.  There are certain things I can view, like disk usage, users, groups, and open files.  But I cannot access registry, services, processes, remote control, etc.

    It really seems like my domain1 credentials are being passed to the domain3 PC's for some reason.  Like when I use regedit and connect to the PC, Windows does not ask me for credentials, it uses my domain1 credentials and shows part of the registry that is set for Everyone to view.  Other domain3 PC's, Windows asks for credentials before it will connect to any part of the remote domain3 workstation registry.

  • 0 in reply to tjjenkin

    Perhaps it is time to have our support team dig in and get to the bottom of this. A support ticket can be opened here: Technical Support | DameWare

  • 0

    To me it appears that there is still some credentials left from domain2 on the computers (or even of domain1 since there was a trust). locally on those computers, look for the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    Here, you will have sub-keys for each user registered in the machine called something similar to S-1-5-21-4126677237-3543887189-3162024088-4761. If you open them, you can tell what user they belong to by reading the "ProfileImgaePath" string. Look for any keys that have domain2 or domain1 users and delete them. Restart the computer and try DameWare Remote Support.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.