No announcement yet.

Using the same "Logon As" credentials for the whole domain

  • Filter
  • Time
  • Show
Clear All
new posts

  • Using the same "Logon As" credentials for the whole domain

    Hi all...

    I've been beating my head against the wall trying to figure out how to do this. Checked docs and forum but couldn't find an answer, so apologies in advance if the answer to this exists somewhere already.

    I'm trying to do an inventory of systems for a client using Hyena to save myself time/hassle. My notebook is running Hyena, in a workgroup called Fortress. The client has a domain called IDC as well as a few straggler systems in MSHOME and Workgroup workgroups.

    My problem is that when I try to look at systems in the domain, I get "Access Denied". Fair enough, I can use "Logon As" to access each individual systems, but with over 100 systems this gets pretty tiring.

    I tried making a domain admin account with exactly the same username/passwd as what I use on my notebook, but I still get "Access Denied" on servers in the domain.

    The last thing I tried is selecting all the objects in the list pane, right clicking, and using "Logon As". Apparently this does a logon to each system sequentially, with a 60 second timeout on systems that are offline. Obviously a time-consuming method that is less than ideal.

    Isn't there some way to set an account to use for all objects in the domain? Like I'd think I could just go into Hyena properties for the domain and find a "Use domain account..." setting or something along those lines.

    Am I missing something, or is "Logon As" to each individual machine the only way to get this done, short of joining my notebook to the domain?

    Thanks in advance...

  • #2
    Re: Using the same "Logon As" credentials for the whole domain

    The method you gave is typically what is used in a situation like that. Another option to test would be to right-click on Hyena.exe and choose Run As.


    • #3
      Re: Using the same "Logon As" credentials for the whole domain

      Thanks for the speedy reply. I'm running Vista so no "Run As" option. I tried using runas.exe as mentioned here :

      %windir%\system32\runas.exe /user:domain\username "c:\Program Files\Hyena\HYENA.EXE"

      ...which prompts me for a password but then gives me the following error:

      RUNAS ERROR: Unable to run - C:\Program Files (x86)\Hyena\HYENA.exe
      1058: The service cannot be started, either because it is disabled or because it
      has no enabled devices associated with it.

      Is there a way to get RunAs to work under Vista?


      • #4
        Re: Using the same "Logon As" credentials for the whole domain

        You seem to be doing all of the common things, but here are some things to consider that might help explain why you are experiencing some of these issues:

        - Windows does not have any mechanisms for connecting to or logging on to an entire domain. The only way to authenticate to a large group of computers is through either your current account, a duplicate account with the same name/password as the one you are using, or through a Run As.

        - There also isn't really any mechanism in Windows to authenticate with an alternate set of credentials either, but you can sort of work around it, which is what Hyena does when you do a Logon As. What happens is that Hyena will set up an IPC$ connection to the computer. Then, Windows will use that connection by default any time any action is attempted. Creating this connection is time-consuming, so once you create one, Hyena will NOT remove it unless you exit Hyena or manually remove it. And, if you already accessed a computer with a less-priviledge account, you might have an IPC$ connection that prevents you from creating a higher access-level one.

        So, to see if you have any, either use Hyena's Local Workstation->Local Connections object or go to a command prompt and type NET USE.

        Hyena has an option on the Local Connections->IPC$ Connections that you can use to remove them all, or you can create a script to remove them all, or just reboot.

        When you do a Logon As, all Hyena does is create an IPC$ connection, which you can do manually:

        NET USE \\server\ipc$ /user:xxx *

        You could do this in a batch file but it would be a bit of a pain to setup and use.

        - Creating a duplicate admin account on the domain will work, but you need to make sure the other computers are members of the domain, and that they have the domain account or domain admin group, etc. as a member of the computer's LOCAL Administrators group.

        - RunAs is a command that will allow you to enter an alternate set of credentials, and for testing it works best to use it from the command line. An alternate way is to enter the username/password on the Advanced tab on the shortcut itself. This option is removed on Vista, so you have to use RunAs on Vista.

        [This message has been edited by kstanush (edited 04-14-2008).]
        Kevin Stanush
        SystemTools Software Inc.