Have you noticed that
sometimes DNTU will perform a task without prompting you for a
UserID & Password and other times you are prompted for
credentials?
Have you also wondered why you may be able to install the DMRC
Client Agent Service on a remote machine, even though you only
supplied regular User (non Administrator) credentials in the Remote
Connect dialog box?
This authentication behavior is not directly related to the DNTU or
DMRC programs and can be explained by taking a look at how
Windows NT
Challenge/Response "Pass-through" authentication
works.
DameWare NT Utilities:
When accessing a machine, DNTU simply attempts to execute the
selected function assuming there is already an authenticated
connection to the remote machine. If your current local logon
credentials do not have sufficient rights to perform the selected
task, or you have not already authenticated to the remote machine
with credentials that have adequate rights, you will be prompted
for a set of credentials that have the necessary rights. If your
local desktop credentials have the necessary rights or you have
already authenticated to the remote machine using another set of
credentials that have the necessary rights, then the Operating
System will pass those credentials to the remote machine when
executing DNTU's functions. This is called NT "Pass-Through"
Authentication. Whether
you are allowed to access certain features of a machine using DNTU
is entirely dependent on the Level of Security required by the
Operating System for that particular function. Most of DNTU's
features require Administrative rights.
DameWare Mini Remote Control:
The Mini Remote Control program will first attempt a TCP connection
to the remote machine using the credentials specified in the Remote
Connect dialog box. If the DMRC Client Agent Service is not
installed on the remote machine or is not listening on the
specified port, then the DMRC program will drop out of it's TCP
mode and use the Operating System's installed protocols to attempt
to interrogate the remote machine. At this point, the connection to
the remote machine has nothing to do with the credentials supplied
in the Remote Connect dialog box. If your current credentials do
not have sufficient rights, then you will be prompted to supply a
set of credentials that have the necessary rights to complete the
task. If your current local logon credentials have sufficient
rights or you have already authenticated to this remote machine
using another set of credentials that have sufficient rights, the
Operating System will pass these credentials without prompting you
for additional credentials, hence "Pass-Through" authentication. Administrative rights are required to
Start/Stop/Install/Remove the DMRC Client Agent Service. Once the
remote machine has been interrogated and DMRC Client Agent Service
is found to be running on the specified TCP port, the Mini Remote
Control program will once again attempt a TCP connection to the
remote machine using the credentials specified in the Remote
Connect dialog box.
This is basically how Microsoft's NT "Pass-Through" authentication works. The Operating System attempts to pass
your current local desktop credentials (UserID & Password used
to logon to your local machine) to the remote machine. If the
current credentials do not have sufficient rights to perform the
task, then the Operating System will prompt you for a set of
credentials that have the necessary rights. Once an authenticated
connection has been established to the remote machine, the
Operating System will not prompt you again for tasks that require
this same level of authentication. However, if you already have a
connection to a remote machine using a set of credentials that does
not have adequate rights, you can also use DNTU's "Disconnect
Network Connections" feature to disconnect that
connection.