Remote user authentication

  • Thread starter Thread starter Param
  • Start date Start date
P

Param

Hi,
I have the following requirement:
I need to authenticate the credentials of a user which is on a remote
machine (Win2000 Server). The user is only local to that machine and not a
domain user. Also, the user is a member of "Users" group (or it may belong
to any group). I will use only IP address and not the DNS for connecting to
the remote machine.
I tried the following approaches:

1) Using SSPI functions such as "GenClientContext" which involves preparing
client and server messages to negotiate, challenge and authenticate. But
this works fine only for local users and domain users.

2) Mapping of a drive from remote machine. But this works only for admin
users.

3) Changing the password to the same value using NetUserChangePassword. But
this fails if password policy restricts.

Is there any other way to authenticate the remote user credentials? Please
note that I know the password for the Administrator account in that remote
machine.

Thanks in advance,
Param.
 
This is a very unusual requirement, and one not aligned
to the Windows account usage design.

You could try, assuming as you stated that you do have
admin on the remote machine where the account lives,
and that the remote will be network-visible when you
have need to "authenticate", something like the following.
Using remote execution, such as with WMI, try to execute
a small script / app that communicates back to you if it is
successful, and then remotely launce this with the account
credentials that have been presented to you (such as with
a run as launch).

Keep in mind that you may be exposing the local account
info multiple times on the network.
 
Hi Roger,
Thanks much for the information. I did a small refining work with the
2nd approach (cancelled the exisitng connections) and found working.

Thanks and regards,
Param.
 
Back
Top