locked
User Impersonation RRS feed

  • Question

  • I have a question in regards to impersonation. I have a user who is not a member of our domain but he has access to some of our network resourses and an application though VPN. For the application, he receives bad username passord error when he trys to open it, SQL does not authenticate this user because it is from another domain.

    Now my question is, is it possible to impersonate xyz\user to abc\NewUser? I want him to have access to the application. So I need a way to get him authenticated in our domain.

     

    Thanks for your help,

    Wednesday, October 12, 2011 2:35 PM

Answers

  • Hi nooshins,

    Welcome to the MSDN forum!

     

    There is an article providing a promising solution for your problem. Please take a look at the following link:

     

    TIP: How to Run Programs as a Domain User from a Non-domain Computer
    http://codebetter.com/jameskovacs/2009/10/12/tip-how-to-run-programs-as-a-domain-user-from-a-non-domain-computer/

    In the meantime, I have pasted some information for you as a reference:

    The fact that you’re using different domain credentials to access the resource from those that you logged in with doesn’t matter one bit. If you want to expedite the process and not wait for an authentication time-out, you can utilize NET USE from the command line to tell Windows which credentials you want to use when accessing certain computers. You can even make them persistent or roll the whole thing into a batch script that you can execute whenever at a particular client.

    net use \\server /user:domain\username /persistent:yes

    For years (yes, years) I have resorted to using Remote Desktop to log into a domain computer so that I could run SQL Server Management Studio, used a domain-joined virtual machine, or begged co-workers to run commands for me… It is a simple command line switch for the RUNAS command that I never noticed: /netonly. (Note that the /netonly flag is not accessible via the SHIFT right-click menu, only via the command line.)

    runas /netonly /user:domain\username “C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe”

    If it helps, please let us know at your convenience.

    Have a nice day!

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.


    Yoyo Jiang[MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.




    • Edited by Dummy yoyo Friday, October 14, 2011 8:13 AM
    • Proposed as answer by Dummy yoyo Wednesday, October 19, 2011 3:13 AM
    • Marked as answer by Dummy yoyo Wednesday, October 19, 2011 8:02 AM
    Friday, October 14, 2011 3:13 AM

All replies

  • Active Directory Federation Services or a true domain trust might be your friends.

    You can also use SQL Authentication or a Local account on the SQL Box which works regardless of domain membership.

    For better support I guess you're better off asking these kinds of questions in an AD or SQL group.

    Wednesday, October 12, 2011 6:31 PM
  • Hi nooshins,

    Welcome to the MSDN forum!

     

    There is an article providing a promising solution for your problem. Please take a look at the following link:

     

    TIP: How to Run Programs as a Domain User from a Non-domain Computer
    http://codebetter.com/jameskovacs/2009/10/12/tip-how-to-run-programs-as-a-domain-user-from-a-non-domain-computer/

    In the meantime, I have pasted some information for you as a reference:

    The fact that you’re using different domain credentials to access the resource from those that you logged in with doesn’t matter one bit. If you want to expedite the process and not wait for an authentication time-out, you can utilize NET USE from the command line to tell Windows which credentials you want to use when accessing certain computers. You can even make them persistent or roll the whole thing into a batch script that you can execute whenever at a particular client.

    net use \\server /user:domain\username /persistent:yes

    For years (yes, years) I have resorted to using Remote Desktop to log into a domain computer so that I could run SQL Server Management Studio, used a domain-joined virtual machine, or begged co-workers to run commands for me… It is a simple command line switch for the RUNAS command that I never noticed: /netonly. (Note that the /netonly flag is not accessible via the SHIFT right-click menu, only via the command line.)

    runas /netonly /user:domain\username “C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe”

    If it helps, please let us know at your convenience.

    Have a nice day!

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.


    Yoyo Jiang[MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.




    • Edited by Dummy yoyo Friday, October 14, 2011 8:13 AM
    • Proposed as answer by Dummy yoyo Wednesday, October 19, 2011 3:13 AM
    • Marked as answer by Dummy yoyo Wednesday, October 19, 2011 8:02 AM
    Friday, October 14, 2011 3:13 AM
  • Hi nooshins,

    I temporarily mark my last reply as answer. You can unmark them if they provide no help.

    Thank you for your understanding!

     

    Best regards,

    Yoyo.


    Yoyo Jiang[MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, October 19, 2011 8:02 AM
  • Thank you for your reply. It was very useful.
    Wednesday, October 19, 2011 1:32 PM
  • You are welcome. :)
    Yoyo Jiang[MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, October 20, 2011 2:07 AM