runas /netonly locking my local account

  • Thread starter Thread starter Jason Folkens
  • Start date Start date
J

Jason Folkens

Hi.

I'm logged into domain_a (domain_a\username). I want to launch a command
(sql server management studio) that will run as my user account in domain_b
(domain_b\username). My user account in domain_b is the same as the user
account in domain_a, but the password is different.

runas /netonly /user:domain_b\username sqlwb

Thats all fine and dandy, but I've noticed that if I have a different
password for the two environments, my account in domain_a gets locked...
as if runas tries to authenticate against domain_a, and fails. (in
domain_a, the GPO has the accounts get locked out after 3 failed attempts).

Can anyone explain to me why this happens, and what (if anything) i can do
to supress the failed authentication attempts against the local domain?

Thanks,

JRF
 
Jason Folkens said:
Hi.

I'm logged into domain_a (domain_a\username). I want to launch a command
(sql server management studio) that will run as my user account in
domain_b (domain_b\username). My user account in domain_b is the same as
the user account in domain_a, but the password is different.

runas /netonly /user:domain_b\username sqlwb

Thats all fine and dandy, but I've noticed that if I have a different
password for the two environments, my account in domain_a gets locked...
as if runas tries to authenticate against domain_a, and fails. (in
domain_a, the GPO has the accounts get locked out after 3 failed
attempts).

Can anyone explain to me why this happens, and what (if anything) i can do
to supress the failed authentication attempts against the local domain?

Thanks,

JRF

Using different user names will probably do the trick.
 
Unfortunatly that's not an option. My credentials are dictated by
company-wide policy.

Does anyone have access to the runas source code that could shed some light
into why an authentication attempt against the local domain is being ran at
all? I thought that specifying /netonly is supposed to supress the login
attempt until I request a remote resource....
 
While I accept that using a different account may not an option for you, you
should really test this suspicion. It would give you a valuable pointer
about how to resolve the issue in a way that is acceptable to you.
 
Back
Top