Home > IT Answers > Security > Automated Remote Login to Different AD Domain
PaperMaker
0 pts.
 Automated Remote Login to Different AD Domain
Security management, IT architecture
I need to a way to run a script and connect to a remote computer in another AD Domain.

I have a User/Password for use in the remote domain.

I need a script that is the equivalent of:

1. Start | Run | \ServerName

2. In "Enter Network Password" dialog:
Connect As: DomainServerName
Password: ********

I can do the above to "manually" authenticate to a machine. I need a way to do this programmatically.


Thanks for all input.
ASKED: May 16, 2005  3:01 PM GMT
UPDATED: May 30, 2005  12:46:53 PM GMT
RELATED QUESTIONS
pedwards17
0 pts.
Answer Wiki:
Do you need to map a drive, or do you just need an authenticated connection? Maybe I'm missing something, but this seems pretty straightforward. All you have to do is use the old "net use" command in a *.bat or a *.cmd file that you call when you need:
for simple authentication, net use \servernameIPC$ /User:remotedomainnameremoteusername password

for a mapped drive, just insert the drive letter you want to use locally and the sharename on the remote system:
net use g: \servernamesharename /User:remotedomainnameremoteusername password

If I a missing something, let me know.
Paul
Last Wiki Answer Submitted:  May 16, 2005  4:07 PM (GMT)  by  pedwards17   0 pts.
To see other answers submitted to the Answer Wiki View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



 

Thanks for the input, Paul
I do know about using the “net use” command, and I have used it to authenticate to shares on this other domain.

What I am trying to do now is print from one domain to another. I haven’t been able to make “net use” work for printing. I *can* use the “manual” authentication method I mentioned above to establish a NetBIOS session (authenticated connection)to the remote domain (not mentioning a share name) and then I can print until any of my local machines has to be rebooted. My operators (Process Control domain) don’t know how to do this manual authentication (and don’t have authority anyway)– thus I need a way to do it via a machine startup script or bat file.

PaperMaker
 0 pts.
 

You could try ‘net use remoteservernameprintername /User:remotedomainnameremoteusername password’

This should get you connected. Based on your previous message, I don’t know if you’ve tried this or not. If you have, sorry for the redundancy.

pedwards17
 0 pts.
 

Why not set up a trust relationship between the domains, then your local users will not need to sign onto the other domain - they will have access to the resources, including the printers.

PhilReed
 0 pts.
 

This is a “Process Control” domain at a manufacturing facility and company policy is to NOT have trusts relationships between Process Control and the BizLAN.

Today I have been able to allow my (very restricted) operators to print from key applications to printers on the BizLAN network. The operators are restricted to the point that they cannot set up printers with their logon. I set up a default printer to LPT1 port and then used a logon batch file for the “operators” group policy like this: “net use LPT1 BizLAN_PrintServerBizLAN_Printer BizLAN_Password /user:BizLAN_DomainBizLAN_AccountName /persistent:no”

I also added firewall rules to let this communication take place between Process Control and the BizLAN.

Thanks to everyone for their input.

PaperMaker
 0 pts.
 

An important question is, what your security requirements are. How far can you trust your Bizz LAN? What are the risks, what is the impact of compromizing the Process Control environment?
If security is important:
- Don’t use Trusts between domains;
- Don’t allow NetBIOS traffic through the firewall;
- Don’t use passwords in scripts.
An option could be to use SSH with public key authentication.

Menno Tjoelker

MennoT
 0 pts.