remote registry edit from workgroup to domain

By bojo387 ·
How do remote registry edit a domain computer's registry by using a computer that is only in a workgroup?

Is it also possible if the two computers are on different networks but I can access shares from the domain computer with admin rights?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

It's possible if you create multiple profiles

by robo_dev In reply to remote registry edit from ...

but you cannot really do this with all one username/profile. Of course multiple profiles is messy and complicated.

If you could use the same username and profile, then the domain would not be very secure, and there would be no method to synchronize your passwords.

The best way to do this is to use either Terminal Services or UltraVNC to go around the whole Windows security model.

Collapse -

not really possible unless you hack

by CG IT In reply to It's possible if you crea ...

domains have both computer accounts and user accounts. Each one [computer accounts and user accounts] have security configurations. A user account might be denied access to the computer from the network.

So you have to exploit security vunderabilities or as Robo says use something like VNC directly to the computer. Even then, you still have to use exploits because the local machine security settings might also restrict domain user accounts.

Collapse -

Why would you have to try this? But if you do...

by 1bn0 In reply to remote registry edit from ...

Try mapping a drive to the remote desktop first using alternate credentials of either an account with domain administrator or an account with local administrator rights on the remote machine.

Then connect to the remote machines registry.

If you don't have the username and pasword for either of those account types then you obviously are trying to do something you are not authorized for.

Collapse -

That's the challenge of TR forums....

by robo_dev In reply to Why would you have to try ...

what side of the law are we giving advice to?

Obviously if you can make reg changes as a lowly workgroup user to a domain computer, that's a security hole you can drive an aircraft carrier through.

And, if you're the administrator, why are you only part of a workgroup?? hmmmm.....

Collapse -

it's a client app installation on a workgroup PC

by bojo387 In reply to That's the challenge of T ...

I am installing a client app that I have to run/invoke from the server since it maps to the SQL database on that server (and uses named pipes). The client is on a workgroup while the server is on a domain and are both on their own (diff.) network segments. The client is basically handled by a separate department from the server. (don't ask me why). I use the same account as the server admin on the workgroup PC and can map a share from the server to the client. I get an error when the installation tries to write to the server registry. I was asked to check whether I could access via regedit the server registry from the client, and also to the client from the server. Hope this explains the reason behind my question. :)

Collapse -

Logon account vs alternate credentials for mapping????

by 1bn0 In reply to it's a client app install ...

"I use the same account as the server admin on the workgroup PC and can map a share from the server to the client"

What "same account"? If you are logging on to the workstation as george and you have an administator account on the server named george, they are NOT the same account. One is a local machine account and one is a domain account.

Are you providing alternate account credentials for the drive mapping? (Connect as a a different username)??

If you are logging on to the workstation with a local machine account , you should not be able to map a drive to the server unless there are no security restrictions on the server share. (That would be a different problem)

Collapse -

the usual workaround

by bojo387 In reply to Logon account vs alternat ...

On the client, I created the same username and password as the domain admin account used on the server. I also used the domain name as the workgroup name. I did this so I could gain access to the share from the Server (Domain PC).

Anyway, thanks for your responses.

Related Discussions

Related Forums