Remote authentication to a stand-alone Win2k Workstation on a Workgroup
From: PhCrypto (PhCrypto_at_nospam.nospam)
Date: 01/11/05
- Next message: lelteto: "Re: Can we add a new Cryptographic Service Provider to the registr"
- Previous message: Sam Hobbs: "Re: WriteProcessMemory"
- Next in thread: Rhett Gong [MSFT]: "RE: Remote authentication to a stand-alone Win2k Workstation on a Workgroup"
- Reply: Rhett Gong [MSFT]: "RE: Remote authentication to a stand-alone Win2k Workstation on a Workgroup"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 11 Jan 2005 10:39:06 -0500
With a Principal credentials readily available,
remotely accessing services and resources on various Windows 2000
Workstations/Servers
seems to be straight forward in a Domain scenario.
Call LogonUser() passing in the creds from the domain principal and
subsequently
call ImpersonateLoggedOnUser() passing in the (HANDLE hToken) acquired from
the previous LogonUser() call.
How does one go about doing this from Windows 2000 Workstations that are
either on UN-trusted domains or reside in separate WORKGROUPS ?
I found MSDN documentation and code samples that illustrate how to do the
above using the SSPI API. However, they all seem to require a client binary
that talks to a remote server binary. The client negotiates a socket channel
with the server and they authenticate back and forth through "NTLM".
Is there a uniform port to use when authenticating to a remote LSA ?
Is there a way to get a security token and pass that into a call to
ImpersonateLoggedOnUser(). Then go ahead and perform the remote operations ?
For my purposes, all I require is to remotely login to the Win2k workstation
as an existing principal on that remote computer. What I mean by that is to
login to the Security Authority on the remote Win2k workstation computer.
Then manipulate or automate the services and resources remotely using a
security token. This is precisely what I'm doing in a domain scenario using
LogonUser()/ImpersonateLoggedOnUser().
Can anyone help with this ?
Thanks,
PhCrypto
- Next message: lelteto: "Re: Can we add a new Cryptographic Service Provider to the registr"
- Previous message: Sam Hobbs: "Re: WriteProcessMemory"
- Next in thread: Rhett Gong [MSFT]: "RE: Remote authentication to a stand-alone Win2k Workstation on a Workgroup"
- Reply: Rhett Gong [MSFT]: "RE: Remote authentication to a stand-alone Win2k Workstation on a Workgroup"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
