Windows DNS console (DNSMgmt.msc) – Run as other Domain users

dnsrunasserverwindows

I have a requirement to manage multiple domains from one terminal server. The reason for this is to revoke domain admin rights from users, and have domain controller tools run from a terminal server, but for multiple domains, thus avoiding the need to log on to domain controllers.

I have had some success with this. Using the runas command, I have been able to run AD users and computers, and AD sites and services for multiple domains using a shortcut e.g C:\Windows\System32\runas.exe /netonly /user:DEV\username "mmc %SystemRoot%\system32\dsa.msc /domain=ukdev.uk.domain.com"

The DNS console is not working though. I can run that as C:\Windows\System32\runas.exe /netonly /user:TEST\username "mmc %SystemRoot%\system32\dnsmgmt.msc"

Once run, if I select the DNS server on the other domain by inputting the ip address to connect to,I get an access denied message. The servers are using windows 2008 R2.

Has anyone had any success running the DNS console in the context of another domain user? I am running as a domain admin in the target domain.

Best Answer

I was able to do this, but fair warning, it consists of some very hacky stuff.

Basically, I would get "Access Denied" unless I was able to elevate privileges within the context of the other Domain user.

So, I broke this down into the steps required:

1. Get CMD open in the context of DOMAIN\User2
2. Elevate privileges to Administrator within the context of DOMAIN\User2
3. Open CMD with elevated privileges for DOMAIN\User2
4. Run DNSMGMT.MSC (opening as an Add-in from MMC at this step also fails)

With that in mind, this is the command I now use as DOMAIN\User1:

runas /user:DOMAIN\User2 /savecred "powershell -c start-process -FilePath cmd.exe -verb runAs -ArgumentList ""/c"",""dnsmgmt.msc"""

This command does the 4 steps all wrapped into 1. This obviously requires that you have powershell installed & available as a command.

PC is running Windows 10. You can skip the elevation of privileges if you disable "EnableLUA" in the registry, but this generally hoses Windows 10 so I don't recommend it.

Related Solutions

.net – How to build RUNAS /NETONLY functionality into a (C#/.NET/WinForms) program

I know this is an old thread, but it was very useful. I have the exact same situation as Cade Roux, as I wanted /netonly style functionality.

John Rasch's answer works with one small modification!!!

Add the following constant (around line 102 for consistency):

private const int LOGON32_LOGON_NEW_CREDENTIALS = 9;

Then change the call to LogonUser to use LOGON32_LOGON_NEW_CREDENTIALS instead of LOGON32_LOGON_INTERACTIVE.

That's the only change I had to make to get this to work perfectly!!! Thank you John and Cade!!!

Here's the modified code in full for ease of copy/pasting:

namespace Tools
{
    #region Using directives.
    // ----------------------------------------------------------------------

    using System;
    using System.Security.Principal;
    using System.Runtime.InteropServices;
    using System.ComponentModel;

    // ----------------------------------------------------------------------
    #endregion

    /////////////////////////////////////////////////////////////////////////

    /// <summary>
    /// Impersonation of a user. Allows to execute code under another
    /// user context.
    /// Please note that the account that instantiates the Impersonator class
    /// needs to have the 'Act as part of operating system' privilege set.
    /// </summary>
    /// <remarks>   
    /// This class is based on the information in the Microsoft knowledge base
    /// article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
    /// 
    /// Encapsulate an instance into a using-directive like e.g.:
    /// 
    ///     ...
    ///     using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) )
    ///     {
    ///         ...
    ///         [code that executes under the new context]
    ///         ...
    ///     }
    ///     ...
    /// 
    /// Please contact the author Uwe Keim (mailto:uwe.keim@zeta-software.de)
    /// for questions regarding this class.
    /// </remarks>
    public class Impersonator :
        IDisposable
    {
        #region Public methods.
        // ------------------------------------------------------------------

        /// <summary>
        /// Constructor. Starts the impersonation with the given credentials.
        /// Please note that the account that instantiates the Impersonator class
        /// needs to have the 'Act as part of operating system' privilege set.
        /// </summary>
        /// <param name="userName">The name of the user to act as.</param>
        /// <param name="domainName">The domain name of the user to act as.</param>
        /// <param name="password">The password of the user to act as.</param>
        public Impersonator(
            string userName,
            string domainName,
            string password)
        {
            ImpersonateValidUser(userName, domainName, password);
        }

        // ------------------------------------------------------------------
        #endregion

        #region IDisposable member.
        // ------------------------------------------------------------------

        public void Dispose()
        {
            UndoImpersonation();
        }

        // ------------------------------------------------------------------
        #endregion

        #region P/Invoke.
        // ------------------------------------------------------------------

        [DllImport("advapi32.dll", SetLastError = true)]
        private static extern int LogonUser(
            string lpszUserName,
            string lpszDomain,
            string lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern int DuplicateToken(
            IntPtr hToken,
            int impersonationLevel,
            ref IntPtr hNewToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern bool RevertToSelf();

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        private static extern bool CloseHandle(
            IntPtr handle);

        private const int LOGON32_LOGON_INTERACTIVE = 2;
        private const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
        private const int LOGON32_PROVIDER_DEFAULT = 0;

        // ------------------------------------------------------------------
        #endregion

        #region Private member.
        // ------------------------------------------------------------------

        /// <summary>
        /// Does the actual impersonation.
        /// </summary>
        /// <param name="userName">The name of the user to act as.</param>
        /// <param name="domainName">The domain name of the user to act as.</param>
        /// <param name="password">The password of the user to act as.</param>
        private void ImpersonateValidUser(
            string userName,
            string domain,
            string password)
        {
            WindowsIdentity tempWindowsIdentity = null;
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;

            try
            {
                if (RevertToSelf())
                {
                    if (LogonUser(
                        userName,
                        domain,
                        password,
                        LOGON32_LOGON_NEW_CREDENTIALS,
                        LOGON32_PROVIDER_DEFAULT,
                        ref token) != 0)
                    {
                        if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                        {
                            tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                            impersonationContext = tempWindowsIdentity.Impersonate();
                        }
                        else
                        {
                            throw new Win32Exception(Marshal.GetLastWin32Error());
                        }
                    }
                    else
                    {
                        throw new Win32Exception(Marshal.GetLastWin32Error());
                    }
                }
                else
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                }
            }
            finally
            {
                if (token != IntPtr.Zero)
                {
                    CloseHandle(token);
                }
                if (tokenDuplicate != IntPtr.Zero)
                {
                    CloseHandle(tokenDuplicate);
                }
            }
        }

        /// <summary>
        /// Reverts the impersonation.
        /// </summary>
        private void UndoImpersonation()
        {
            if (impersonationContext != null)
            {
                impersonationContext.Undo();
            }
        }

        private WindowsImpersonationContext impersonationContext = null;

        // ------------------------------------------------------------------
        #endregion
    }

    /////////////////////////////////////////////////////////////////////////
}

Windows – Run cURL commands from Windows console

If you are not into Cygwin, you can use native Windows builds. Some are here: curl Download Wizard.

Best Answer

Related Solutions

.net – How to build RUNAS /NETONLY functionality into a (C#/.NET/WinForms) program

Windows – Run cURL commands from Windows console

Related Topic