mmc to another computer

[muno]

Hello.

I have a problem with mmc and other computers in the network.
Computers have administrator passwords, depending on the generation of the computer. I have my own administrator password, which does not match any generation.

When opening mmc, and wanting to administer a computer in the network, mmc always reports that authentication failed. I know this is because my administrator password does not match the administrator password of the target computer.

How could I make it so mmc authenticates me as the administrator of the targeted computer instead of myself? I know all the administrator passwords.

This happens when you map a network drive, it asks for credentials that are authenticated to map the resource. I can authenticate myself against the target computer. But there's no such thing in mmc.

Particularly I would need to be able to create shares remotely.
-M

[Steve R Jones]

When it asks for credentials, have you tried putting in the credentials of the user of the machine?

Long hard way is to set yourself up as a admin user on each machine.

[muno]

It doesn't ask for credentials, that's the problem. Mapping a network drive always asks for credentials if it fails to authenticate with the current ones.

If I try to 'run as...' <computer>\administrator' it fails to even authenticate the program.

I can't put myself as an admin. There's nearly 3000 computers in our network
Of course it has been set to that 'domain admins'-group is a local administrator on every computer, but sadly I'm not a domain admin - and yet I need to do my work.
-M

[DVNT1]

An alternate way may be (similar to Steve's suggestion)... write a script that gets each computer's name from AD, then adds your Account to the local Admin group of each computer. If each computer's local Admin account has the same password then this would work reasonable well. If they are all different, then you need a new idea.

[DVNT1]

Found this two part idea...
(start MMC locally, then spawn a new part with a different account)

Quote:

To start an instance of the command prompt as an administrator on the local computer, type:

runas /user:localmachinename\administrator cmd
When prompted, type the administrator password.

To start an instance of the Computer Management snap-in using a domain administrator account called companydomain\domainadmin, type:

runas /user:companydomain\domainadmin "mmc %windir%\system32\compmgmt.msc"
When prompted, type the account password.

To start an instance of Notepad using a domain administrator account called user in a domain called domain.microsoft.com, type:

runas /user:user@domain.microsoft.com "notepad my_file.txt"
When prompted, type the account password.

To start an instance of a command prompt window, saved MMC console, Control Panel item, or program that will administer a server in another forest, type:

runas /netonly /user:Domain\UserName "Command"
Domain\UserName must be a user with sufficient permissions to administer the server. When prompted, type the account password.

from http://www.microsoft.com/technet/tre...rver/runas.asp

[muno]

I think I'd get fired if I added myself as local admin to every computer I just can't do that, I need to be able to do it by authenticating myself to the console as the <computer>\administrator

And as I said, I'm not a member of the domain admins group, never will be.

The last option, somehow I got it to work. I don't know, I made a shortcut to my management console, edited the command like to look like this:
Target: c:\konsoli1.msc /netonly /user:targetcomputer\administrator /computer=targetcomputer

It worked fine, didn't even ask for password (I have a drive mapped from this testing computer though), so it might've gotten the password from there.
I need to test it more, but if it works, thanks
-M

//edit:
Ok, that was my bad I was an administrator on the test computer, so it worked because of that Sorry.

Now. Let's clarify this more. I have konsoli1.msc (which is a management console for shares) in c:\temp, I've made a shortcut to it which resides in c:\, the shortcut says c:\temp\konsoli1.msc /computer=targetcomputer
then I run from command prompt the following -> runas /netonly /user:targetgomputer\administrator konsoli1.msc.lnk

The following is a free translation of the error message I get->
Trying to run "konsoli1.msc.lnk" as user "targetcomputer\administrator"...
RUNAS-error: Execution failed - konsoli1.msc.lnk
193:

I'll try to find out what that means

[DVNT1]

Quote:

Originally posted by muno
I think I'd get fired if I added myself as local admin to every computer I just can't do that,...

[John Prophet]

Id find it hard to do my job if I wasnt given the tools (permissions) to do it.

[muno]

Tell me about it. We have an <a word here, actually a lot of words> in the head of it.

I can't even unlock accounts that have gone locked due to too many failed attempts...

That's what I have to live with, for almost a year to come before I can get another job. I need to finish my school to get somewhere far from this <add a word here>hole.

Unfortunately, my manager is as lame as my avatar, and can't enforce anything for us. The head of it for the corporation isn't that high on corporate level... No one just has the guts to do anything about it. And I'd get fired, being a consultant, for doing something
-M

[John Prophet]

can you just kill em and say a terrorist did it?