Hi Everyone,
I have seen a very weird scenario, which I hope you could explain.
I have few windows 7 32bit\64bit machines in a domain environment.
I create interactive sessions in the remote systems using "runas" to run a process of mine as a different user and this process doesn't access any network services!
The weird part in it is that I see in the AD security logs that this specific user that runs the process on the remote machines sometimes asks for CIFS ticket for one of our file servers. I also double checked using klist on the local machine that generated the request that the ticket is indeed present (The ticket was inside the interactive session that was created).
I couldn't find any mapped drives,mapped printers,roaming profiles inside these computers that could have ask for this specific ticket on behalf of the interactive session.
My questions are:
1.What could have done it?
2. Is it possible that a process or service that doesn't run on this specific session would interact with it and ask for a service ticket on its behalf?
3. Is there a way to trace service tickets that processes ask?
Many thanks!