Auth, and netonly authentication

In order to run an ODBC check remote from outside a domain we can run a netonly auth against AD first:

				
					runas /user:user@domain.no /netonly C:\WINDOWS\SysWOW64\odbcad32.exe
				
			

To list all stored credentials we can:

				
					rundll32.exe keymgr.dll, KRShowKeyMgr
				
			

And in Powershell we can query all networkconnections ID’s like this:

				
					gwmi -Query 'Select LocalName, RemoteName, UserName from Win32_NetworkConnection'
				
			

A similar result can be achieved using wmic from cmd:

				
					wmic netuse get remotename,username
				
			

More articles