3

I have the following setup.

  • 1 x host machine situated in DOMAIN A
  • 1 x PDC in a VM running on a host-only network adapter, running its own AD forest (DOMAIN B)
  • 1 x server running in DOMAIN B; this is also on a host-only network adapter but has a secondary adapter which is running in NAT mode via VirtualBox (the PDC is running in the same VirtualBox instance)

I need to take files in DOMAIN A and copy them using ROBOCOPY to DOMAIN B, where no trust relationship exists. DOMAIN B is totally isolated and is never allowed to talk to DOMAIN A in any fashion at all.

One way of doing this would be to use PSEXEC from Sysinternals and copy the files using the network path to the files FROM DOMAIN B. This approach has been ruled out entirely, for various reasons, one of which is time and the reworking of a process that would take too long (although it would be possible).

I can copy the files with runas with the /netonly switch without issue, manually from a cmd line, giving runas the password at runtime. This all works.

The problem is I am running this copy from inside a rake command which invokes Robocopy using the MSBuild Extensions (just executes Robocopy.exe).

Is there a third-party version of runas, or an equivalent tool, that allows the /netonly behaviour of runas with the password given as a switch?

The equivalent syntax for runas (if runas supported this behaviour) would be the following:

runas /user:user@domain.com /password:password /netonly "c:\system32\robocopy.exe C:\somedir \"\\TARGETSERVER\c$\somedir\" \"*.*\" /MIR /A-:R"

krystan honour
  • Maybe I can't quite make it out, but what is your issue with connecting to the destination share using `net use \\targetserver\c$\somedir /USER:DOMAIN\user password` beforehand and just issuing the robocopy afterwards? – the-wabbit Apr 25 '12 at 20:31
  • It's a build system made to be run by developers; it is meant to be transparent and doesn't want mapped drives etc. Before, we were all in the same domain so there was no issue, but we are trying out some stuff with virtual machines etc. These will be cloned instances, and so the machines must not touch our other network. It is also important to understand that we copy to dozens of directories on multiple drives; one mapped drive won't cover it. – krystan honour Apr 25 '12 at 22:27
  • You should notice that my suggestion does **not** include mapped drives. It includes a "net use" call to create an authenticated SMB connection to a remote share with a different security context which is, as far as I can see, what you are trying to achieve. – the-wabbit Apr 26 '12 at 13:26
  • @syneticon-dj I'd like to give you the credit for solving this issue, but your comment needs to be an answer. Please convert it. – krystan honour Apr 26 '12 at 19:24

3 Answers

7

You could simply connect to the destination share through a different security context using the `net use \\targetserver\c$\somedir /USER:DOMAIN\user password` syntax.

Omitting the drive letter in the `net use` call creates an authenticated SMB connection to a remote share within the given security context of `DOMAIN\user`. After the connection is established, you can use references to `\\targetserver\c$\somedir` in your robocopy call.

the-wabbit
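The sequence from the answer above, wrapped for a Rake-driven build as an added example (not code from the thread): it opens the deviceless `net use` session, runs robocopy with the switches from the question, treats only robocopy exit codes of 8 and above as failure, keeps the password out of the build log, and always removes the session afterwards. The helper names, the injectable `runner`, and the sample password are assumptions made for illustration.

```ruby
# Added example, not from the original thread. Helper and variable names are hypothetical.
# Robocopy exit codes are a bit mask: 0-7 mean success (with notes), 8+ mean failures.
ROBOCOPY_FAILURE_THRESHOLD = 8

# Runs a command without a shell and returns its exit status.
DEFAULT_RUNNER = lambda do |argv|
  system(*argv)
  $?.exitstatus
end

# Replace the password with a mask so it never reaches the build log.
def redact(argv, secret)
  argv.map { |arg| arg == secret ? "********" : arg }
end

def robocopy_ok?(code)
  !code.nil? && code < ROBOCOPY_FAILURE_THRESHOLD
end

def copy_with_alt_credentials(source, unc, user:, password:, runner: DEFAULT_RUNNER, log: [])
  # Deviceless "net use": authenticated SMB session, no drive letter mapped.
  connect = ["net", "use", unc, "/USER:#{user}", password]
  log << redact(connect, password).join(" ")
  raise "net use failed for #{unc}" unless runner.call(connect) == 0
  begin
    copy = ["robocopy", source, unc, "*.*", "/MIR", "/A-:R"]
    log << copy.join(" ")
    code = runner.call(copy)
    raise "robocopy failed with exit code #{code}" unless robocopy_ok?(code)
    code
  ensure
    # Always drop the session so the DOMAIN B credentials do not linger on the host.
    disconnect = ["net", "use", unc, "/DELETE", "/Y"]
    log << disconnect.join(" ")
    runner.call(disconnect)
  end
end

# Dry run with a constructed runner (nothing is executed); exit code 1 = files copied.
dry_run = ->(argv) { argv[0] == "robocopy" ? 1 : 0 }
demo_log = []
copy_with_alt_credentials('C:\somedir', '\\\\TARGETSERVER\c$\somedir',
                          user: 'DOMAIN\user', password: "constructed-password",
                          runner: dry_run, log: demo_log)
puts demo_log
```

In a real Rakefile the password would come from outside the repository (for example an environment variable set on the build host) and the default runner would be used. The password is still visible on the `net use` process command line for the moment that command runs.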
1

If you can use a different protocol besides SMB, I would suggest (S)FTP(S).

mfinni
0

You can simply enter the password for the target server in the Windows Credential Manager.

Type "credential manager" in the Windows search, or look for it in Control Panel. This method is the easiest.

For the address, type the address of targetserveraddress. The username should be in the format targetdomain\username, and password=password.

Voilà!