5

I intend to use WMIC to reset the trust of a machine that is remote, and off the network. All of the following variations result in an "access denied":

The following works fine:

net use \\patterson-e10 /user:patterson-e10\wks.admin xxx

All the following fails:

 wmic /node:"patterson-e10"  /user:"patterson-e10\wks.admin"  /password:xxx process call create "cmd /c dir"
 wmic /node:"patterson-e10"  /user:".\wks.admin"  /password:xxx process call create "cmd /c dir"
 wmic /node:"patterson-e10"  /user:"wks.admin"  /password:xxx process call create "cmd /c dir"
 wmic /node:"patterson-e10"  /user:wks.admin  /password:xxx process call create "cmd /c dir"

I'm about to attempt Powershell (PS) remoting, but I"m not sure how it works with trusts.

Update

I have also tried PSExec and SC (where I would "start a service") and had similar authentication failures.

The only avenue that seems to partially work is where I launch an RDP session, and map a drive to my source computer, where I then run the command. I looked into scripting RDP and it doesn't appear I can do much outside of creating just the connection file.

Update 2

The machine doesn't have a console, so the following solution of adding the non-domain member to TrustedHosts can't work, I jut hope there is another solution/workaround.

makerofthings7
  • 8,821
  • 28
  • 115
  • 196

3 Answers3

0

This may not have anything to do with invalid trust. I tested in same domain (so trust is not a problem) by running same commands to a member server using local accounts on target system. Same result (i.e. net use works but not wmic). This may be related to one of those allow/disallow anonymous access settings to various resources (such as named pipes, shares, sam database, etc.) in group policy\computer settings..\local policy\security options

strongline
  • 592
  • 2
  • 8
0

Are you sure that you've got an exception allowing the remote administration on your firewall? TCP Port 135 or the preconfigured rule will do.

pk.
  • 6,413
  • 1
  • 41
  • 63
0

Use "netdom move" to rejoin the remote machine to the domain, effectively repairing the relationship. You'll use local credentials to connect and your domain admin account to rejoin. If the computer object still exists in the domain, you'll need to use an account that has full control of the object (like Domain Admin).

Here is the command:

netdom move hostname /d:contoso.com /uo:localAdmin /po:localAdminPassword /ud:contoso\admin /pd:adminPassword /reboot 0

This will "rejoin" the machine to the domain and immediately restart.

You said the machine is "off the network"; I'm not sure what you mean by that.

brandon
  • 41
  • 3