i am facing an issue while using the mac. I need to use that PowerShell command on my mac to run application as domain user
runas /netonly /user:user_name "C:\Users\fwa\AppData\Local\Programs\Azure Data Studio\azuredatastudio.exe"
I have tried
sudo -u user_name /Applications/AzureDataStudio.app
it asks password for local user. but in my case user is on External domain
To run Azure Data Studio (ADS) on your mac and login to SQL Server using Windows authentication instead of a username/password, you use the kinit command. I've had best luck using the kinit command through the built-in command window in ADS (you'll be prompted to do so if/when your login fails). Note that your computer needs network access to a kerberos server.
There's some further information about setting this up HERE and HERE.
Win7. Postgres 9.3.
Every time I type "postgres" in cmd I get this error.
Created a new account without any admin rights and with "Log on as" rights and with correct directory access rights to postgres/data, then I set this account as the "Log on as" in the services menu, but I still get the same error.
update2017: I never found a solution to this.
For windows do this:
Start cmd.exe (administrator as you are)
Add postgres user:
net user postgres your_password /add
Start a cmd.exe using your new postgres account:
runas /user:postgres cmd.exe
You can validate you are login correctly using" whoami
Run postgres normally.
It is not clear from your question whether you are trying to start the Postgres service or "manually" start Postgres without having a Windows service registered.
Since 9.x Postgres does not require it's own Windows user account to run the service. It defaults to use the built-in "Network" account.
To start the Postgres service (if it has been correctly installed), simply use use
net start postgresql-9.3
(the actual name might be different)
If you did not register a Windows service you should start Postgres through pg_ctl.exe not through postgres.exe. pg_ctl.exe will drop any administrative privileges from the process when starting the server.
To start Postgres manually from the commandline use:
pg_ctl -w -D c:\Path\To\The\DataDirectory
assuming that the access rights to the data directory are setup correctly so that the current user has full access to the directory.
If you want to install/create the Windows service manually, you can also do this through the pg_ctl program:
pg_ctl register -N "postgresql-9.3" -D c:\Path\To\The\DataDirectory
Again the access rights to the data directory must be setup correctly.
I have a build server that is not part of a Windows domain trying to connect to a VisualSVN server running HTTPS via apache with domain login via Active Directory. When I try to connect to the server using specifying a domain username I observe a client hang:
svn ls --username=domainuser https://subversion.mydomain/svn/repo1/
The logs on the server show Windows authentication failures using the login-name for the build-machine, and the build-machine's hostname in the Domain name field. The username provided on the command-line is completely ignored.
SVN Client: TortoiseSVN commandline tools: svn, version 1.8.1 (r1503906)
On a separate machine (on the domain) - I found that the --username would not be ignored if I used the cygwin svn instead.
The solution I found was to disable the http-auth-type 'negotiate'. This prevents Windows credentials being automatically shared.
I verified this using a command-line override, it asked for password for the user on the command-line:
svn ls --username=domainuser --config-option servers:global:http-auth-types=basic;digest https://subversion.mydomain/svn/repo1/
Authentication realm: <https://subversion.mydomain/svn/repo1/> VisualSVN Server
Password for 'domainuser':
(Note for Cygwin users: If you use SVN under Windows via Cygwin then you will need to add quotes to your command like this: $ svn ls --username=domainuser --config-option "servers:global:http-auth-types=basic;digest" https://subversion.mydomain/svn/repo1/ -- Otherwise the semicolon will be treated as a command delimiter.)
To configure this more permanently you can make a servers config file entry for all matching servers. For Win7 that's C:\Users\<User>\AppData\Roaming\Subversion\servers.
[groups]
mydomain = *.mydomain
[mydomain]
http-auth-types=basic;digest
Instead of disabling negotiate in client's config, I'd suggest using Windows Credential Manager to store the other account's credentials for Single Sign-On.
The following instruction shows how to put other domain credentials to access VisualSVN Server into Windows Credential Manager:
Start | Control Panel | Credential Manager,
Click 'Add a Windows Credential',
As 'Internet or network address' enter the FQDN of VisualSVN
Server's machine,
As 'Username' enter the <DOMAIN>\<username> of user account that
exists in domain and has access rights to VisualSVN Server,
Complete the password field and click OK,
Verify that you can authenticate to VisualSVN Server under the selected user account after completing the above steps.
I know this question has been asked in the past, but a satisfactory answer has not been provided.
I am using the SC command to config the credentials for a service.
SC.exe config "SERVICE NAME" obj= "domain\user" password= "password"
This completes successfully, but when I start the service, it fails
to perform the login.
[NET START "service name"]
If I manually update ONLY the password from the services.msc, then
when I start the service it works fine.
I have hundreds of servers to update this change occurs in the middle of a deployment,
so manual intervention is NOT an option.
I have tried using the config to update the login account and then another config command for the password.
From all accounts, the SC.exe does not work for passwords and Microsoft has NO help.
IDEAS?
Besides stopping the service before making the changes, and granting the user permission to logon as a service, I also had to add the type= own parameter, otherwise it would fail with:
[SC] ChangeServiceConfig FAILED 87:
The parameter is incorrect
So this is the command that worked:
SC.EXE config "ServiceName" type= own obj= "domain\user" password= "password"
It even worked with special characters in the password, given I had the password between double brackets.
When you configure a service to run under a specific account via the normal route from the service properties windows automatically grants the account the log in as service right. When you use sc.exe you also have to grant the user the log on as service right.
Log On As Service Right
Before restarting services, you should grant your user permission to logon as a service.
Unfortunately, no way to do it from command line with default windows tools, but you can use small additional util ntright.exe from Windows Server 2003 Resource Kit Tools.
Download it from https://www.microsoft.com/en-us/download/details.aspx?id=17657
After installation you'll get a lot of tools in C:\Program Files (x86)\Windows Resource Kits\Tools (or in Program Files on 32bit machine).
You need ntrights.exe. You can copy it and run from any place on another host.
To grant your user required permission, you should add to your script:
ntrights.exe +r SeServiceLogonRight -u "%DOMAIN%\%USER%"
After that you can successfully restart services with a new user.
Also there is an option to run ntrights.exe on remote host:
ntrights.exe +r SeServiceLogonRight -u "%DOMAIN%\%USER%" -m %HOSTNAME%
This tool helps me very much when I need reconfigure a lot of hosts remotely.
To enable log on as a service via script I've written this, you can use it as is or pull out what is useful to you
https://raw.githubusercontent.com/cdaf/windows/master/automation/provisioning/setServiceLogon.ps1
Try to stop the service before setting up the password:
sc.exe stop "<my_service>" 4:4:3
sc.exe config "<my_service>" obj= "\.<local_acc_name>" password= "<local_acc_pass>"
sc.exe start "<my_service>"
I had this issue. Thanks to ST's comment on the original post, I realized I needed to research how to type the password. In my case, I needed to double up the percent sign (%%) in the password.
The link ST provided is helpful: Escaping special characters in cmd.
Run against this problem while doing some Powershell scripting and the issue in my case was the special characters in the password.
Got it working by storing the password in a variable with double quotes around it:
$servicePassword = "`"passwordWithSpecialCharacters`""
cmd /c sc config myService obj= mydomain\myuser password= $servicePassword
Special characters are:
()'"$><^?
Try This.
Start menu - type "local security policy" without the quotes. Open the "Local Policies", then left-click on "User Rights Assignment". On the right panel, right-click on "Log on as a service", and select "Properties". Click on "Add User or Group" and add your user. Click OK. You might have to reboot your machine.
After adding you can set the user name and password for the service in cmd.
I am using a windows slave to clone a git repo and run jenkins build jobs. I'd like to clone without supplying credentials each time so I plan to use a _netrc file with the standard settings. When I run 'whoami' in the job I get the following:
nt authority\system
My question is - where does this user have their credentials stored? Is it possible to use a _netrc file for authentication for this user like I would with my own user account?