First, you will need two accounts in the domain. Let's say we create an account named oz.
| Account | Name | Role |
| --- | --- | --- |
| First account | oz | Domain User, mail enabled |
| Second account | ZZ-oz | Domain administrator, Enterprise administrator, no mailbox |
Now log into your workstation with the domain user account. This is the account that stays logged into the system at all times.
We will not log into systems with our ZZ-oz account. We will use RUNAS and get the job done with the ZZ account's privileges when we need them.
After you have logged in (remember, you are a domain user now and pretty much CANNOT do any damage to anything; try going to Device Manager and deleting a device, and Windows will deny your request), open Notepad and type:
runas /user:archq\zz-oz cmd.exe
Change my name to your account name.
Click Save, set File name to RunAS.bat and Save as type to All Files,
and save it on your Desktop. Now when you double-click it, a DOS window will open and ask you to type your password (pay attention, this is the domain admin password). Once you have successfully typed your password,
a window will open with domain admin privileges.
Now you are still logged in as a domain user, but you have a window in front of you (CMD.EXE) which is running with your domain admin privileges.
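A hardened variant of the RunAS.bat above, added here as an example (it is not the author's file). It calls runas.exe and cmd.exe by full path, because cmd looks in the current directory first and a look-alike runas file sitting next to the batch file on the Desktop would otherwise run instead, and it titles and colors the admin window so it is not mistaken for a normal one. The account archq\zz-oz is the page's example; the title text, the color and the logged-on-user check are assumptions.

```batch
@echo off
setlocal
rem Added example, not the original RunAS.bat.
rem archq\zz-oz is the page's example admin account; change it to your own.
set "ADMIN=archq\zz-oz"
set "SYS=%SystemRoot%\System32"

rem The desktop session is supposed to stay a plain domain user.
rem If the admin account itself is logged on, stop and say so.
if /i "%USERDOMAIN%\%USERNAME%"=="%ADMIN%" (
    echo You are logged on as %ADMIN%. Log on with your user account instead.
    exit /b 1
)

rem Full paths: never resolve runas or cmd through the current directory or PATH.
rem /k keeps the window open; title and color 4F (white on red) mark it as
rem the admin console so commands are not typed into the wrong window.
"%SYS%\runas.exe" /user:%ADMIN% "%SYS%\cmd.exe /k title ADMIN %ADMIN% & color 4F"
```

runas still prompts for the admin password exactly as before; nothing is stored in the batch file.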
So what can you do with this?
Go ahead and download the Windows 2003 Support Tools so that you can manage AD with them.
When it comes to installation, all you need to do is drag the program into the CMD window and hit Enter on the keyboard. The setup program will be executed with your domain administrator privileges.
It is kind of cool.
Now, after installation, if you go to the Run command and type Dsa.msc, the ADUC snap-in won't launch, or it will launch but you won't be able to perform any admin task.
Why? Because you executed it with your domain user credentials, so Windows knows you are a user and have no business seeing the ADUC snap-in.
However, if you type the same command into the CMD window that is running with domain administrator privileges, ADUC will happily open up, and you can perform any task you wish as a domain administrator.
Now you've got the idea, so go ahead and play with other things.
TIPS: you don't have to remember all the shortcut abbreviations. You can simply drag and drop anything into the CMD window running under domain administrator privileges (don't forget to press Enter), and this will execute the program with domain admin credentials.
I open ESM several times just like this, during a working day.
Now you get the idea: working secure and smart is up to you. Making Windows and managing Exchange is up to you as well.
Now, one of the cool things in Windows Sysinternals (free) is the program called PsExec.
Download the ZIP of the entire suite of tools from my blog site:
http://smtp25.blogspot.com/
What is this PsExec tool? It lets you execute processes on other systems.
This is great, and it is what we always wanted to do. Now unzip this and save it to your System32 directory below on your Desktop.
%homeDir%\system32/
Paste all the files (Entire Suite) into this directory
Go back to the administrator CMD window. Don't forget you need to be in a domain environment.
Here is the situation: we want to open a remote CMD window on our Exchange server while we are logged into our workstation.
The Exchange server name is BIOBR2.
So we will type this command into the domain administrator CMD window.
Type below command