Solved

'run-as' credentials in explorer on domain windows server 2012

Posted on 2014-02-04
11
653 Views
Last Modified: 2014-02-17
When trying to access privileged folders through DFS on a domain account that doesn't have access to the folders in question, I am prompted for credentials of a user who does have access to those folders. Providing valid credentials, even the master admin account of the domain, does not grant access to these folders. When on the network but not logged on to the domain I am able to go through the process of providing valid authenticated credentials to these folders, I am only unable to access when attempting to use these 'run-as' credentials under a user account on the domain that doesn't have access to the folders I'm trying to access. How do I make this work?
0
Comment
Question by:botsadmins
11 Comments
 

Author Comment

by:botsadmins
ID: 39833237
The title of this looks misleading to me now, I'm not attempting the 'run-as' credentials from the server itself, but from a computer joined to a domain run from windows server 2012.
0
 
LVL 8

Expert Comment

by:Amit Khilnaney
ID: 39833479
From what i understand you are trying to access a folder where local user has access but domain user don't.

While logged on via domain account. Enter credentials like below.

until unless you mention the domain/computer you are logging on it. It will assume like the way you logged on to computer.

i.e. mention the local computer name/username which has access to that folder

i.e.
computername/username  or ./username  (dot/username)
password
0
 

Author Comment

by:botsadmins
ID: 39833515
There are specific domain users who do have access to the folder, the folder is on the server, it's a share created with DFS Management. Most domain users to not have access. However when providing support and configuring user PC's, it is often pertinent to have access to files I would rather they otherwise be unable to access while still being logged into their account. I'm familiar with escaping or entering a different domain, that's not the issue I'm having here.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39833565
Instead of accessing DFS links (those are virtual links, pointing to some else target), you need to access actual shared folder path, then only it will work with runas credentials.

I have faced this issue long back ago and no matter what so ever I have tried, it doesn't worked. Its domain migration scenario in my case.
Hence I have find actual share folder path behind link and then get access or need to use $ share path with admin account.

Mahesh
0
 

Author Comment

by:botsadmins
ID: 39833596
My file server is on the same server as my AD controller, and the error I get says "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed." Trying the actual folder path gives the same error. Do I need to have my files stored on a different server to fix that? Is there a way to temporarily disconnect the logged in users connection as a workaround?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:botsadmins
ID: 39833598
Also, thank you for your answer Mahesh.
0
 

Author Comment

by:botsadmins
ID: 39836134
bump. bump bump. still not resolved.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39836323
By the description of "multiple connections" I think you are trying to access a folder on a share that is currently mapped as a "drive".

You can only have certain amount of concurrent active connections to a shared folder.  If there is a connection already on this client with another user credentials even with different rights, the OS won't give access to the resource.

Solutions / Workaround:

1. Disconnect the current user mapping access to the share and try using yours (admin) once finish reconnect the share to the user.

2. Create a new share (folder) on the server only for the administrators with the files they need. (recommended). Once on the station just map to the share with your credentials and disconnect when finish or access the share by typing the share on an explorer window and providing credentials every time.
0
 

Accepted Solution

by:
botsadmins earned 0 total points
ID: 39836719
The share I'm trying to access is it's own share created in DFS management. The current user has no mapping to or permissions to the share. They are mapped to different shares on the same server, including a redirect$ for their desktop, documents and such. I did create a share specifically for the adminstrators and when providing administrative credentials I'm told I don't have permission.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39838746
Try to access actual shared folder with FQDN

Ex: \\Server1.contoso.com\share1\app

Mahesh
0
 

Author Closing Comment

by:botsadmins
ID: 39864313
It's because the users are mapped to folders in the same parent directory. 1 connection can't have more than one username. Decided to give them read rights to a specific folder to have the tools available I need for them
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now