news:63c4d831.0307292216.86b0755@posting.google.com...
Hello: This might sound like a newbie question, but it has become a very big hurdle for me. I have created an NT service that is being run on a primary domain controller machine "PDC". I have a Windows 2000 machine "W2K1" and "USER" has logged onto it. He has logged onto the machine and not into the domain PDC.
And why not? What's the point of having a DC if you don't use it? :)
A lab environment that doesn't even trust the primary domain?
Now USER runs application "APP" which has to access service "SERV" that runs on the PDC. How can s/he do that?
The way is to use a means of transport using a specific protocol and
a specific RPC. You can use WinSock, native RPC, mailslots, files
or named pipes.
Are there any specific settings / configurations that I need to do for the "SERV" so that it is accessible to all the users even if they have not logged onto PDC?
Sure... the easiest would be to use an RPC that doesn't care about
authentication (winsock, mailslots) or use a NULL security descriptor
to allow access to Guests.
Is there any mechanism by which I can send predefined usernames and passwords just for accessing this service?
There may be others but the most obvious is to use Named Pipes
and a LogOnAsUser() security token in conjunction with it. To find
out who is connecting to the pipe, use ImpersonateNamedPipe()
and then GetUserName() before RevertToSelf().
Good luck. :)
- Sten
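
Added example, not part of the original post: a sketch of the named-pipe approach from the reply, where the server identifies the connecting client by impersonating it and then reverting. It assumes Windows PowerShell 5.1 (.NET Framework), whose `RunAsClient` wraps the impersonate/revert pair; the pipe name is made up, and the pipe gets an explicit DACL rather than a NULL security descriptor.

```powershell
# Added example; assumes Windows PowerShell 5.1. 'serv-demo' is a made-up pipe name.
$pipeName = 'serv-demo'

# Explicit DACL: authenticated users may read/write, the server account keeps full control.
$sec  = [System.IO.Pipes.PipeSecurity]::new()
$auth = [System.Security.Principal.SecurityIdentifier]::new(
            [System.Security.Principal.WellKnownSidType]::AuthenticatedUserSid, $null)
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$sec.AddAccessRule([System.IO.Pipes.PipeAccessRule]::new(
    $auth, [System.IO.Pipes.PipeAccessRights]::ReadWrite, $allow))
$sec.AddAccessRule([System.IO.Pipes.PipeAccessRule]::new(
    $me, [System.IO.Pipes.PipeAccessRights]::FullControl, $allow))

$server = [System.IO.Pipes.NamedPipeServerStream]::new(
    $pipeName, [System.IO.Pipes.PipeDirection]::InOut, 1,
    [System.IO.Pipes.PipeTransmissionMode]::Byte,
    [System.IO.Pipes.PipeOptions]::None, 512, 512, $sec)

# Stand-in for "APP": a background job that connects and sends one byte.
$client = Start-Job -ArgumentList $pipeName -ScriptBlock {
    param($name)
    $c = [System.IO.Pipes.NamedPipeClientStream]::new('.', $name,
        [System.IO.Pipes.PipeDirection]::InOut,
        [System.IO.Pipes.PipeOptions]::None,
        [System.Security.Principal.TokenImpersonationLevel]::Impersonation)
    $c.Connect(5000); $c.WriteByte(1); $c.WaitForPipeDrain(); $c.Dispose()
}

$server.WaitForConnection()
[void]$server.ReadByte()   # data must be read from the pipe before impersonating

# Impersonate the client, record who it is, and revert when the block returns.
$script:caller = $null
$server.RunAsClient([System.IO.Pipes.PipeStreamImpersonationWorker]{
    $script:caller = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
})
"Client connected as: $script:caller"

$server.Dispose()
Remove-Job $client -Force
```

Run locally, the reported name is the account that started the script, since the client job runs under the same user.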