cancel
Showing results for 
Search instead for 
Did you mean: 

Local admin priveleges required for Mobile Client

Former Member
0 Kudos

Anyone overcome a problem with the mobile client requiring local admin priveleges to run?

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

hi peter,

pls see the below urls.......

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/953928ff-0701-0010-43a0-b18...

The Passwords Control Panel has a "Remote Administration" tab that

works only if you have networking installed. If you use a central

server, you can assign administrative privilege to a SUPERVISOR or

Domain Admin.

First, install File & Print Sharing for either MS networks (for a pure

Win95 or NT domain network) or NetWare (For NetWare networks). If you

use FPS for NetWare, keep SAP advertising OFF. In addition, install

the Remote Registry service from Network Control Panel, as a Service

(in ADMINNETTOOLSREMOTREG on the CD-ROM) on the remote machines. You

can do this (and even enforce this) when you install Win95 as well.

Now, if the workstations use User level security (highly

advisable on NT Domains and NetWare networks), Setup will

automatically enable remote administration for ADMIN and SUPERVISOR

(NetWare) or DOMAIN ADMINS (NT Domain). If the stations use passwords

instead of user lists (Share level security), or you don't have a

central server, you will need to manually enable Remote Administration

and supply a password to each station. Remote Administration settings

will differ with each type of network client installed.

Once done, you (the administrator) can control computers via Network

Neighborhood. Right-click on any Win95 station and select

"Properties". You will see a "Tools" tab that lets you edit the

Registry, view network activity, or even browse the hard drives, on

the remote computer. REGEDIT and POLEDIT also works on these stations.

Of the tools listed, Remote Registry service is the biggest service

(250 KB). To free up memory so you don't slow down the machines, check

out How to Prevent Random Hard Drive Access, which also frees

lots of memory for these services.

  • 7.6.3.1. ...on a Windows NT network?

Install FPS for MS networks, install Remote Registry service, and

enable User level security. Remote Admin privileges are

automatically given to anyone in the Domain Admins group on the domain

controller. Re-boot. Then, go to another Win95 station, log in as

Administrator (or anyone else in Domain Admins) and get properties on

the remote station from Network Neighborhood.

WARNING: This service will allow you to remotely edit an NT Server's

Registry! I was able to get in to several (but not all) Registry keys

on my own NT server by logging in as a member of Domain Admins. I'd

hate to think what could happen to my poor server if someone ran

REGEDIT on this network with malicious intent!

WARNING: Remember the NetWare C$ bug? It's back, this time in FPS for

Microsoft networks! Now if you perform a Remote Admin session on a

Win95 station and view its hard drives, the Admin shares

(
machinec$) remain active, available for read-only viewing when a

user types
machinec$ from Start Menu/Run. This bug may have always

been around, but I suspect it emerged with Service Pack 1.

  • 7.6.3.2. ...on a Peer Win95 network?

You don't need to install Remote Registry service on the workstations

to use peer to peer remote administration. You only need a file and

print sharing service. When you use the Admin tools, the target

computer will prompt you for a password.

Be sure to set this password on all the workstations you want to

administer remotely.

NOTE: According to the Remote Registry readme files, Remote Registry

service only works if you use User Level Security from a central

server.

  • 7.6.4. ...user level access?

User Level access spares us the potential of lost passwords and

multiple, security-killing, cached passwords, because the passwords

remain on the central security provider. You need only log in once and

type your password once, and you have access to any resources shared

on the network that have you on their access list.

Enable User Level security from Network Control Panel, in Access

Control. Pick a security provider (the name of an NT domain, NetWare

server, or other central server if your client/service software allows

for it). The next time you re-boot, all your share requesters and

password requesters will have user list requesters in their place. You

could also enforce user level security via system policies.

If the server is a NetWare 4.x server, you will need to set a Bindery

context on it. This will allow all NDS clients access to any Win95

stations sharing resources via FPS for NetWare.

Unusual combinations to avoid:

  • FPS for MS networks, using a NetWare server as security provider

(WFWG stations can't get access then! Win95 machines could get

access, however)

  • FPS for NetWare, using an NT server as a security provider (Quite

impossible, as the NCP server doesn't recognize NT security)

  • FPS for NetWare, using Share level security (It won't let you; NCP

servers don't allow separate logins)

  • 7.6.5. ...server-based setup and MSBATCH.INF

thanks

karthik

Former Member
0 Kudos

Hi,

for 4.0 there is the note 803387 regarding local access rights for registry and files/folders.

I don't think that for 5.0 it would be totally different; of course in 5.0 sub directory <bin> is replaced by <bin.net> etc.

At least you should gain some ideas out of the note...;-)

Regards,

Wolfhard