Hi All
We have users that log on to a win2012 AD domain "A" but need access to AD domain "B" resources, which does not have any trust relationship with the other. We want to keep it this way for security reasons. I plan to utilize the Windows credential vault to place the credentials of the "other" AD domain to allow users access to resources.
I place the cmdkey.exe command in the logon script that is being pushed via user-based group policy in a Windows 2012 R2 AD environment. I have confirmed that the below command runs when the user logs on. Upon user logon, from the user's desktop, when I issue the command "cmdkey /list", it lists nothing. What's going on? The user signed on with their credentials, so this command should place their logged-on credential into the vault, or does it not?
c:\windows\system32\cmdkey /add:MyServerName /user:MyDomainName\%username%
As a workaround, I am pushing this script via user-based group policy to be copied to the startup folder, which will run during user logon. This appears to work. When I issue the "cmdkey.exe /list" command, it lists the credentials in the vault.
I would like to avoid pushing this script to the startup folder; instead, I would like to run it in the logon script via group policy.
Any ideas?
Thanks in advance.