[wpkg-users] Can't use computer account authentication with WPKG Client 1.3.6

K.E.Jones at bton.ac.uk K.E.Jones at bton.ac.uk
Fri Nov 7 23:16:29 CET 2008


Hi,

- -----Original Message-----
- From: wpkg-users-bounces at lists.wpkg.org
- [mailto:wpkg-users-bounces at lists.wpkg.org] On Behalf Of Tomasz Chmielewski
- Sent: 04 November 2008 10:21
- To: Kai Pastor
- Cc: wpkg-users at lists.wpkg.org
- Subject: Re: [wpkg-users] Can't use computer account authentication with WPKG Client 1.3.6
- 
- Kai Pastor wrote:
- > Although usually running under the local SYSTEM account, WPKG client never
- > properly supported using the computer account for connecting to the WPKG
- > file path on the network. In September, I explained a workaround: I added
- > double quotes to the UNC path ("\\mydomain\dfs\wpkg\wpkg.js") in order to
- > prevent WPKG client from calling WNetAddConnection2.
- >
- > WPKG Client 1.3.6 seems to recognize a UNC path even within double quotes
- > (which is good). It always calls WNetAddConnection2 with the credentials
- > [not] specified.
- >
- > In "Test settings"-mode, it complains that multiple connections with
- > different credentials are not allowed:
- >
- > Message: WNetAddConnection2-> Mehrfache Verbindungen zu einem Server oder
- > einer freigegebenen Ressource von demselben Benutzer unter Verwendung
- > mehrerer Benutzernamen sind nicht zulässig. Trennen Sie alle früheren
- > Verbindungen zu dem Server bzw. der freigegebenen Ressource, und versuchen
- > Sie es erneut.
- 
- This is normal in Windows - this system just can't connect to the same
- share/server with different credentials.
- So if you're already connected to that share i.e. as Administrator, you
- won't connect to that share as a different user.
- Workaround - use a different server name.
- 
- 
- > When starting as a service, it fails with "access denied":
- >
- > WNetAddConnection2-> Zugriff verweigert
- >
- >
- > So it is no longer possible to use the computer account for
- > authentication. This is bad news. This authentication seems most
- > appropriate to me in an AD/DFS setup.
- 
- It worked before for you by pure accident, as this feature was never
- planned. Now it doesn't work, as one slight bug was fixed.
- 
- However, it makes perfect sense to add a switch like "use computer
- account credentials" for connecting. So it should be added to the next
- version.
- 

 Question :-)

 In theory, (although it's probably not as simple programmatically) doesn't
LocalSystem attempt connections as the machine account? By that I mean,
<computername>$ and not just <computername>.

 Is the "use computer credentials" option just because people are missing the
point of adding a $ to the computer name or share security?

 Sorry... it's a naïve thought again but I could see it as an easy oversight.

 I've spent far too much time handling this idea in scripts!

Keefy

- 
- > Could WPKG client skip WNetAddConnection2 when the WPKG path user is NOT
- > specified?
- >
- > There is also no source code yet for release 1.3.6
- 
- I'll try to upload it this week. Or, if you want to help with the code,
- I might do it earlier, let me know.
- 
- 
- --
- Tomasz Chmielewski
- http://wpkg.org
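
The check asked for in the thread (skip WNetAddConnection2 when no WPKG path user is specified, including for a UNC path wrapped in double quotes), as an added example that is not part of the original message and is not WPKG Client source. The function and enum names are hypothetical, and the skip behaviour is the one proposed in the thread, not a confirmed client feature:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; this is not WPKG Client source. */
enum connect_mode {
    MODE_LOCAL,    /* not a UNC path: nothing to connect */
    MODE_AMBIENT,  /* UNC, no user set: skip WNetAddConnection2 so the share is
                      opened with the process's own logon (for LocalSystem,
                      the computer account, DOMAIN\COMPUTERNAME$) */
    MODE_EXPLICIT  /* UNC, user set: call WNetAddConnection2 with that user */
};

/* Write "\\server\share" (the lpRemoteName value) for a UNC path, accepting
   one pair of surrounding double quotes. Returns 0 on success, -1 if the
   path is not a complete UNC path or the result does not fit in out. */
int unc_remote_name(const char *path, char *out, size_t outlen) {
    size_t len = strlen(path);
    if (len >= 2 && path[0] == '"' && path[len - 1] == '"') {
        path++;
        len -= 2;
    }
    if (len < 5 || path[0] != '\\' || path[1] != '\\') return -1;
    const char *sep = memchr(path + 2, '\\', len - 2);   /* end of server */
    if (sep == NULL || sep == path + 2) return -1;
    const char *share = sep + 1;
    const char *end = memchr(share, '\\', len - (size_t)(share - path));
    size_t n = end ? (size_t)(end - path) : len;          /* end of share */
    if (n == (size_t)(share - path) || n + 1 > outlen) return -1;
    memcpy(out, path, n);
    out[n] = '\0';
    return 0;
}

/* Decide how the client should reach the WPKG file path. */
enum connect_mode choose_mode(const char *path, const char *user) {
    char remote[260];
    if (unc_remote_name(path, remote, sizeof remote) != 0) return MODE_LOCAL;
    return (user == NULL || user[0] == '\0') ? MODE_AMBIENT : MODE_EXPLICIT;
}

int main(void) {
    /* Constructed input: the quoted DFS path from the thread, no user set. */
    const char *path = "\"\\\\mydomain\\dfs\\wpkg\\wpkg.js\"";
    char remote[260];
    if (unc_remote_name(path, remote, sizeof remote) == 0)
        printf("remote=%s mode=%d\n", remote, choose_mode(path, NULL));
    return 0;
}
```

In MODE_AMBIENT the share and NTFS permissions have to grant access to the computer account (or a group containing it) for the read to succeed.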