Solved

'run-as' credentials in explorer on domain windows server 2012

Posted on 2014-02-04
11
654 Views
Last Modified: 2014-02-17
When trying to access privileged folders through DFS on a domain account that doesn't have access to the folders in question, I am prompted for credentials of a user who does have access to those folders. Providing valid credentials, even the master admin account of the domain, does not grant access to these folders. When on the network but not logged on to the domain I am able to go through the process of providing valid authenticated credentials to these folders, I am only unable to access when attempting to use these 'run-as' credentials under a user account on the domain that doesn't have access to the folders I'm trying to access. How do I make this work?
0
Comment
Question by:botsadmins
11 Comments
 

Author Comment

by:botsadmins
ID: 39833237
The title of this looks misleading to me now, I'm not attempting the 'run-as' credentials from the server itself, but from a computer joined to a domain run from windows server 2012.
0
 
LVL 8

Expert Comment

by:Amit Khilnaney
ID: 39833479
From what i understand you are trying to access a folder where local user has access but domain user don't.

While logged on via domain account. Enter credentials like below.

until unless you mention the domain/computer you are logging on it. It will assume like the way you logged on to computer.

i.e. mention the local computer name/username which has access to that folder

i.e.
computername/username  or ./username  (dot/username)
password
0
 

Author Comment

by:botsadmins
ID: 39833515
There are specific domain users who do have access to the folder, the folder is on the server, it's a share created with DFS Management. Most domain users to not have access. However when providing support and configuring user PC's, it is often pertinent to have access to files I would rather they otherwise be unable to access while still being logged into their account. I'm familiar with escaping or entering a different domain, that's not the issue I'm having here.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39833565
Instead of accessing DFS links (those are virtual links, pointing to some else target), you need to access actual shared folder path, then only it will work with runas credentials.

I have faced this issue long back ago and no matter what so ever I have tried, it doesn't worked. Its domain migration scenario in my case.
Hence I have find actual share folder path behind link and then get access or need to use $ share path with admin account.

Mahesh
0
 

Author Comment

by:botsadmins
ID: 39833596
My file server is on the same server as my AD controller, and the error I get says "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed." Trying the actual folder path gives the same error. Do I need to have my files stored on a different server to fix that? Is there a way to temporarily disconnect the logged in users connection as a workaround?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:botsadmins
ID: 39833598
Also, thank you for your answer Mahesh.
0
 

Author Comment

by:botsadmins
ID: 39836134
bump. bump bump. still not resolved.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39836323
By the description of "multiple connections" I think you are trying to access a folder on a share that is currently mapped as a "drive".

You can only have certain amount of concurrent active connections to a shared folder.  If there is a connection already on this client with another user credentials even with different rights, the OS won't give access to the resource.

Solutions / Workaround:

1. Disconnect the current user mapping access to the share and try using yours (admin) once finish reconnect the share to the user.

2. Create a new share (folder) on the server only for the administrators with the files they need. (recommended). Once on the station just map to the share with your credentials and disconnect when finish or access the share by typing the share on an explorer window and providing credentials every time.
0
 

Accepted Solution

by:
botsadmins earned 0 total points
ID: 39836719
The share I'm trying to access is it's own share created in DFS management. The current user has no mapping to or permissions to the share. They are mapped to different shares on the same server, including a redirect$ for their desktop, documents and such. I did create a share specifically for the adminstrators and when providing administrative credentials I'm told I don't have permission.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39838746
Try to access actual shared folder with FQDN

Ex: \\Server1.contoso.com\share1\app

Mahesh
0
 

Author Closing Comment

by:botsadmins
ID: 39864313
It's because the users are mapped to folders in the same parent directory. 1 connection can't have more than one username. Decided to give them read rights to a specific folder to have the tools available I need for them
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove Installed Application 1 45
Python 3.5.2 32 virtualenv problems 3 13
MSDN Licensing query 5 55
hardrive and reformat 5 50
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now