'run-as' credentials in explorer on domain windows server 2012

When trying to access privileged folders through DFS on a domain account that doesn't have access to the folders in question, I am prompted for credentials of a user who does have access to those folders. Providing valid credentials, even the master admin account of the domain, does not grant access to these folders. When on the network but not logged on to the domain I am able to go through the process of providing valid authenticated credentials to these folders, I am only unable to access when attempting to use these 'run-as' credentials under a user account on the domain that doesn't have access to the folders I'm trying to access. How do I make this work?
botsadminsAsked:
Who is Participating?
 
botsadminsConnect With a Mentor Author Commented:
The share I'm trying to access is it's own share created in DFS management. The current user has no mapping to or permissions to the share. They are mapped to different shares on the same server, including a redirect$ for their desktop, documents and such. I did create a share specifically for the adminstrators and when providing administrative credentials I'm told I don't have permission.
0
 
botsadminsAuthor Commented:
The title of this looks misleading to me now, I'm not attempting the 'run-as' credentials from the server itself, but from a computer joined to a domain run from windows server 2012.
0
 
Amit KhilnaneyCommented:
From what i understand you are trying to access a folder where local user has access but domain user don't.

While logged on via domain account. Enter credentials like below.

until unless you mention the domain/computer you are logging on it. It will assume like the way you logged on to computer.

i.e. mention the local computer name/username which has access to that folder

i.e.
computername/username  or ./username  (dot/username)
password
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
botsadminsAuthor Commented:
There are specific domain users who do have access to the folder, the folder is on the server, it's a share created with DFS Management. Most domain users to not have access. However when providing support and configuring user PC's, it is often pertinent to have access to files I would rather they otherwise be unable to access while still being logged into their account. I'm familiar with escaping or entering a different domain, that's not the issue I'm having here.
0
 
MaheshArchitectCommented:
Instead of accessing DFS links (those are virtual links, pointing to some else target), you need to access actual shared folder path, then only it will work with runas credentials.

I have faced this issue long back ago and no matter what so ever I have tried, it doesn't worked. Its domain migration scenario in my case.
Hence I have find actual share folder path behind link and then get access or need to use $ share path with admin account.

Mahesh
0
 
botsadminsAuthor Commented:
My file server is on the same server as my AD controller, and the error I get says "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed." Trying the actual folder path gives the same error. Do I need to have my files stored on a different server to fix that? Is there a way to temporarily disconnect the logged in users connection as a workaround?
0
 
botsadminsAuthor Commented:
Also, thank you for your answer Mahesh.
0
 
botsadminsAuthor Commented:
bump. bump bump. still not resolved.
0
 
hecgomrecCommented:
By the description of "multiple connections" I think you are trying to access a folder on a share that is currently mapped as a "drive".

You can only have certain amount of concurrent active connections to a shared folder.  If there is a connection already on this client with another user credentials even with different rights, the OS won't give access to the resource.

Solutions / Workaround:

1. Disconnect the current user mapping access to the share and try using yours (admin) once finish reconnect the share to the user.

2. Create a new share (folder) on the server only for the administrators with the files they need. (recommended). Once on the station just map to the share with your credentials and disconnect when finish or access the share by typing the share on an explorer window and providing credentials every time.
0
 
MaheshArchitectCommented:
Try to access actual shared folder with FQDN

Ex: \\Server1.contoso.com\share1\app

Mahesh
0
 
botsadminsAuthor Commented:
It's because the users are mapped to folders in the same parent directory. 1 connection can't have more than one username. Decided to give them read rights to a specific folder to have the tools available I need for them
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.