Allow non-domain user to impersonate a domain user similar to after VPN authentication

Posted on 2008-11-12
Last Modified: 2012-05-05
I am a consultant who works on-site at many different client offices doing .NET coding and SQL administration.  I have my own Active Directory domain structure in place, and my clients have their own.  When I am at the client's office, using my business laptop (which is a computer on my domain, running Windows Vista Ultimate SP1), I am not able to use Windows Authentication for file shares, TFS, and SQL Server.  For file shares and TFS, I am prompted to log in as a domain user, but for SQL, I have to use a SQL login.  However, when I am at my office, and I VPN to their network (RRAS), I am now impersonating my (client) domain login.  I am able to access all resources as though I am that user, without being prompted, which makes life much easier.

My question is this: Is there a way to configure either my laptop or their network to allow me to impersonate my (client) domain login when I am physically on their network, just like when I am VPN'd in?
Question by:simsystem
    LVL 38

    Accepted Solution

    There is, but I am not sure you want to go down that road>

    You can build a domain trust, meaning their domain trusts yours. It's like a part of a domain /forest topology.

    The question is, will the folks who you consult, allow you to build that trust relationship between your domain and theirs?

    Other than that, you have to use their domain logon.

    There is also the RUN AS command. Sounds like you are familiar with that as well.

    Furthermore, you can map network drives, using credentials other than the ones you are currently logged on with. So, if you just wish to access file shares using different credentials, you can certainly create a mapped network drive to that share and tell that mapped drive you wish to use different credentials.

    Please advise where you wish to go from here.

    Author Comment

    That's what I thought.  

    The domain trust route is out, as I am running SBS2003 for my domain.  Mostly it is just a hassle having the log in prompt jump up every time I open VS, SSMS, etc.  I just thought that if MS had taken the time to get it working with VPN connections, then there might be a way to access the same functionality without the VPN.  

    Oh well.  Thanks for the help!

    Author Closing Comment

    Thanks again!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do email signature updates give you a headache?

    Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now