Auth, and netonly authentication

In order to run an ODBC check remote from outside a domain we can run a netonly auth against AD first:

					runas / /netonly C:\WINDOWS\SysWOW64\odbcad32.exe

To list all stored credentials we can:

					rundll32.exe keymgr.dll, KRShowKeyMgr

And in Powershell we can query all networkconnections ID’s like this:

					gwmi -Query 'Select LocalName, RemoteName, UserName from Win32_NetworkConnection'

A similar result can be achieved using wmic from cmd:

					wmic netuse get remotename,username

More articles