?
Solved

"user not authorized" when running program from NT machine on XP machine

Posted on 2003-03-31
14
Medium Priority
?
250 Views
Last Modified: 2013-12-04
I'm trying to run a program from a Windows NT machine on a Windows XP Pro machine with a command line tool. When I do this I get a error message: "remote userid not authorized". When I do the same thing from XP to XP machine or XP to NT machine, the program starts up.
How can I fix this?
0
Comment
Question by:wooliepower
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
  • +2
14 Comments
 

Author Comment

by:wooliepower
ID: 8243584
help
0
 
LVL 3

Expert Comment

by:erikdr
ID: 8244937
It's clearly a matter of credentials, and NT accepting the XP credentials while not the other way round.
Option 1): Make sure both machines are in the same domain (ADS probably), and use a network userid on NT which should have enough local rights on the XP box also.
Option 2): Go fiddling around with trusts if they are in different domains.

Good luck,

<Erik> - The Netherlands
0
 

Author Comment

by:wooliepower
ID: 8245003
Erik,

the two machines are in the same domain and the domain users are set as local administrators.
What else can I do?
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
LVL 9

Accepted Solution

by:
MSGeek earned 750 total points
ID: 8245770
Explicitly add the domain uset from the NT box to the XP box.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 8247516
WOOLIEPOWER... "domain users are set as local administrators"

Do as MSGEEK told you, BUT PLEASE READ THIS CAREFULLY:

You must NEVER NEVER add a Domain User Group to the Local Admin Group on each workstation.

And You must NEVER add the same Domain User to the Local Admin Group on more than his/hers own workstation

If You add a Domain User Group to the Local Admin Group, every member of this Domain User Group gets unlimited REMOTE access power of every workstation on Your network.

The unlimited REMOTE access involves:
1. Explorer: \\ComputerName\C$
2. Registry
3. Computer Management (Control Panel)


IF YOU WANT TO KNOW MORE ABOUT THIS ISSUE:
http://www.experts-exchange.com/Security/Win_Security/Q_20506528.html
http://www.tryware.dk/English/W2kLocalGroupPolicy/TotalAdminPower.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/evaluate/featfunc/07w2kadc.asp
http://support.microsoft.com/?kbid=182734


IF YOU WANT TO TEST IT:
You have to grant a Domain User Group to the Local Admin Group on BOTH test-workstations, AND logout and logon again.

Important: You have to make a new logon after creating the credentials, because they are given in W2k in the second where You press ENTER to password when logging on.

Please reply, when You have removed the Domain User Group from the Local Admin Group again!


Many Regards

Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

MSGEEK... ;o)
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8247594
Jorgen, I was wondering if you would see this one? :)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 8247796
> You must NEVER NEVER add a Domain User Group to the Local Admin Group on each workstation.

> And You must NEVER add the same Domain User to the Local Admin Group on more than his/hers own workstation

I agree. But realistically, all the major companies and corporate hacks think they have to have exactly that and more to manage a corporate network through remote processes. IMO unecessary and evil to implement a handful of simple intrusions.

I have my best luck at getting two machines to agree, when they are both booted standalone (no domain), for same UserID/Psw. While XP doesn't like NT to access, strangely, the NT accessed Exchange2k better than my Win2k. A domain upgrade knocked them both out. If you cannot do admin for PDCs or AD, then I wish you luck (and feel sorry for you if stuck with AD).
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8247822
SunBow ... does that mean your an NDS fan?
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 8248083
SUNBOW... "But realistically, all the major companies and corporate hacks think they have to have exactly that and more to manage a corporate network through remote processes"

In order to MANAGE a network add Global Domain Admins Group to every Local Admins Group.

In order to let Domain Users use programs that updates themselfes, add Domain Users to Local Power Users OR ...
add the Domain User to the Local Admin Group ONLY on his/hers own workstation.

In order to have Domain Users using different workstations, you really got a problem.

BTW I'm from Denmark, and I know that BTW means By The Way, but I did'nt understand IMO.

WOOLIEPOWER... Sorry to interrupt your problem about NT to XP, but you could use this answer too.

0
 
LVL 12

Expert Comment

by:trywaredk
ID: 8248342
WOOLIEPOWER... Choose Community Support, and ask a moderator to add the answers from http://www.experts-exchange.com/Security/Win_Security/Q_20569667.html to this question
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8248419
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8252667
WooliePower.. glad I could help, what finally resolved your problem?
0
 

Author Comment

by:wooliepower
ID: 8259113
MSGEEK  to be honest I didn't try anything. My boss gave me some more urgent things to do, so I didn't have time to find out yet. If you want I can mail you the solution...
(bjorn.pieters@sidmar.arcelor.com)
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8260880
Please advise if you would like a refund of your points.  I am not sure it will be granted, but I can request it.  Let me know?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month12 days, 17 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question