|
Posted by Brian Muth on June 18, 2008, 6:59 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Whenever I need to access a remote system which requires some authentication,
I preferred to use this command
>
> net use \<remote-system>\IPC$ /user:<remotesystem-login> <password>
>
> I have been using this for over 3 years ( I don't know how I learned about
this)
>
> It works fine if I want access shared files/foldes. Also if I execute above
mentioned command even pstools form sysinternals.com
> works (I don't have to provide the user name and passwords).
>
> This doesn't work if I run a DCOM client applicaiton.
>
> Say, the DCOM client is on client01 and the DCOM server is on server01 and
server01 has user administrator with all the permission
> and password as pass@word1. These systems are NOT part of a domain.
>
> if I run this on the client01
>
> net use \server01\IPC$ /user:server01\Administrator pass@word1
>
> I can then access anything on server01, C$ share, start or stop the services,
shutdown system, anything except DCOM. The DCOM
> client on client01 fails to connect.
>
> for the DCOM server on server01, I have assigned all permission to 'everyone'
& 'users' even then I get access denied error.
>
> Any ideas why DCOM is exception to this???
>
> Regards,
> Ashutosh
I'm not surprised. You have configured the DCOM server to permit "everyone" to
have access (and I hope have launch rights).
"Everyone" means "everyone who is authenticated". It does not mean "anonymous".
Therefore the client must present a known username
and password. Presumably it is presenting the name of the user who has launched
the client unless you have overridden this by
filling in the COAUTHIDENTITY struct and passing it to CoCreateInstanceEx(). The
IPC$ setting doesn't play a role in this handshake.
For remote computers that do not share a domain, this can be accomplished
ensuring that you use a local account with matching
passwords on both the client and server machines.
| 
XML site map