Solved

'run-as' credentials in explorer on domain windows server 2012

Posted on 2014-02-04
11
656 Views
Last Modified: 2014-02-17
When trying to access privileged folders through DFS on a domain account that doesn't have access to the folders in question, I am prompted for credentials of a user who does have access to those folders. Providing valid credentials, even the master admin account of the domain, does not grant access to these folders. When on the network but not logged on to the domain I am able to go through the process of providing valid authenticated credentials to these folders, I am only unable to access when attempting to use these 'run-as' credentials under a user account on the domain that doesn't have access to the folders I'm trying to access. How do I make this work?
0
Comment
Question by:botsadmins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 

Author Comment

by:botsadmins
ID: 39833237
The title of this looks misleading to me now, I'm not attempting the 'run-as' credentials from the server itself, but from a computer joined to a domain run from windows server 2012.
0
 
LVL 8

Expert Comment

by:Amit Khilnaney
ID: 39833479
From what i understand you are trying to access a folder where local user has access but domain user don't.

While logged on via domain account. Enter credentials like below.

until unless you mention the domain/computer you are logging on it. It will assume like the way you logged on to computer.

i.e. mention the local computer name/username which has access to that folder

i.e.
computername/username  or ./username  (dot/username)
password
0
 

Author Comment

by:botsadmins
ID: 39833515
There are specific domain users who do have access to the folder, the folder is on the server, it's a share created with DFS Management. Most domain users to not have access. However when providing support and configuring user PC's, it is often pertinent to have access to files I would rather they otherwise be unable to access while still being logged into their account. I'm familiar with escaping or entering a different domain, that's not the issue I'm having here.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 37

Expert Comment

by:Mahesh
ID: 39833565
Instead of accessing DFS links (those are virtual links, pointing to some else target), you need to access actual shared folder path, then only it will work with runas credentials.

I have faced this issue long back ago and no matter what so ever I have tried, it doesn't worked. Its domain migration scenario in my case.
Hence I have find actual share folder path behind link and then get access or need to use $ share path with admin account.

Mahesh
0
 

Author Comment

by:botsadmins
ID: 39833596
My file server is on the same server as my AD controller, and the error I get says "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed." Trying the actual folder path gives the same error. Do I need to have my files stored on a different server to fix that? Is there a way to temporarily disconnect the logged in users connection as a workaround?
0
 

Author Comment

by:botsadmins
ID: 39833598
Also, thank you for your answer Mahesh.
0
 

Author Comment

by:botsadmins
ID: 39836134
bump. bump bump. still not resolved.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39836323
By the description of "multiple connections" I think you are trying to access a folder on a share that is currently mapped as a "drive".

You can only have certain amount of concurrent active connections to a shared folder.  If there is a connection already on this client with another user credentials even with different rights, the OS won't give access to the resource.

Solutions / Workaround:

1. Disconnect the current user mapping access to the share and try using yours (admin) once finish reconnect the share to the user.

2. Create a new share (folder) on the server only for the administrators with the files they need. (recommended). Once on the station just map to the share with your credentials and disconnect when finish or access the share by typing the share on an explorer window and providing credentials every time.
0
 

Accepted Solution

by:
botsadmins earned 0 total points
ID: 39836719
The share I'm trying to access is it's own share created in DFS management. The current user has no mapping to or permissions to the share. They are mapped to different shares on the same server, including a redirect$ for their desktop, documents and such. I did create a share specifically for the adminstrators and when providing administrative credentials I'm told I don't have permission.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39838746
Try to access actual shared folder with FQDN

Ex: \\Server1.contoso.com\share1\app

Mahesh
0
 

Author Closing Comment

by:botsadmins
ID: 39864313
It's because the users are mapped to folders in the same parent directory. 1 connection can't have more than one username. Decided to give them read rights to a specific folder to have the tools available I need for them
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question