Windows XP local Credentials Match Domain

[Guest]

I am running Windows XP Pro SP2 on a network with Windows Server 2003 domain
controller.

I'm not sure how to explain this problem but here goes:

My laptop, the XP Pro SP2, is joined to the domain, but I logon to a local
account. My local account username and password happens to match my domain
account. Whenever I access a website on the network with and even without
Integrated Authentication enabled it logs me in using my local account's
username and password automatically. I tested this by changing my local
password and it then prompted for credentials. This is a huge security risk
to me and I would rather not have a different password on each account. Is
this a known bug or is it just how it operates?

Thank you,
Bradley Smith

 

[Lanwench [MVP - Exchange]]

I am running Windows XP Pro SP2 on a network with Windows Server 2003
domain controller.

I'm not sure how to explain this problem but here goes:

My laptop, the XP Pro SP2, is joined to the domain, but I logon to a
local account. My local account username and password happens to
match my domain account. Whenever I access a website on the network
with and even without Integrated Authentication enabled it logs me in
using my local account's username and password automatically. I
tested this by changing my local password and it then prompted for
credentials. This is a huge security risk to me and I would rather
not have a different password on each account. Is this a known bug or
is it just how it operates?

Thank you,
Bradley Smith

Not really a bug - it's passing through credentials. There are ways around
this IIRC, but in environments where people care about security, no users
have local accounts. Why do you use a local account?

 

[Guest]

I've just added this to the domain because I couldn't use the remote
management tools for my server without being on the domain. I only have a
domain established because I wanted to use Exchange. I thought the client
would send COMPUTERNAME\Username as the username and that's different from
DOMAIN\Username, but whatever. But even turning off Integrated Windows
Authentication didn't work. And when I turn off Integrated Windows
Authentication on the website, it won't let me in.

Is it possible to runas a program using DOMAIN\username w/o joining the
computer to the domain?

 

[Guest]

And I use a local one because i'm not always on the network with the domain
and i have a ton of stuff i don't want to have to move to my a new profile.

 

[Lanwench [MVP - Exchange]]

And I use a local one because i'm not always on the network with the
domain and i have a ton of stuff i don't want to have to move to my a
new profile.

By default you can log in using cached credentials.

 

[Lanwench [MVP - Exchange]]

I've just added this to the domain because I couldn't use the remote
management tools for my server without being on the domain. I only
have a domain established because I wanted to use Exchange. I thought
the client would send COMPUTERNAME\Username as the username and
that's different from DOMAIN\Username, but whatever. But even turning
off Integrated Windows Authentication didn't work. And when I turn
off Integrated Windows Authentication on the website, it won't let me
in.

It's passing along the credentials. I still say there's no point in a local
login if you have a domain - see my reply to your other post.

Is it possible to runas a program using DOMAIN\username w/o joining
the computer to the domain?

Yes. Right-click on the shortcut and choose run as.