on 04-17-2008 3:50 PM
Anyone overcome a problem with the mobile client requiring local admin privileges to run?
Hi Peter,
Please see the URLs below.
The Passwords Control Panel has a "Remote Administration" tab that
works only if you have networking installed. If you use a central
server, you can assign administrative privilege to a SUPERVISOR or
Domain Admin.
First, install File & Print Sharing for either MS networks (for a pure
Win95 or NT domain network) or NetWare (For NetWare networks). If you
use FPS for NetWare, keep SAP advertising OFF. In addition, install
the Remote Registry service from Network Control Panel, as a Service
(in ADMIN\NETTOOLS\REMOTREG on the CD-ROM) on the remote machines. You
can do this (and even enforce this) when you install Win95 as well.
Now, if the workstations use User level security (highly
advisable on NT Domains and NetWare networks), Setup will
automatically enable remote administration for ADMIN and SUPERVISOR
(NetWare) or DOMAIN ADMINS (NT Domain). If the stations use passwords
instead of user lists (Share level security), or you don't have a
central server, you will need to manually enable Remote Administration
and supply a password to each station. Remote Administration settings
will differ with each type of network client installed.
Once done, you (the administrator) can control computers via Network
Neighborhood. Right-click on any Win95 station and select
"Properties". You will see a "Tools" tab that lets you edit the
Registry, view network activity, or even browse the hard drives, on
the remote computer. REGEDIT and POLEDIT also work on these stations.
Of the tools listed, Remote Registry service is the biggest service
(250 KB). To free up memory so you don't slow down the machines, check
out How to Prevent Random Hard Drive Access, which also frees
lots of memory for these services.
7.6.3.1. ...on a Windows NT network?
Install FPS for MS networks, install Remote Registry service, and
enable User level security. Remote Admin privileges are
automatically given to anyone in the Domain Admins group on the domain
controller. Re-boot. Then, go to another Win95 station, log in as
Administrator (or anyone else in Domain Admins) and get properties on
the remote station from Network Neighborhood.
WARNING: This service will allow you to remotely edit an NT Server's
Registry! I was able to get in to several (but not all) Registry keys
on my own NT server by logging in as a member of Domain Admins. I'd
hate to think what could happen to my poor server if someone ran
REGEDIT on this network with malicious intent!
WARNING: Remember the NetWare C$ bug? It's back, this time in FPS for
Microsoft networks! Now if you perform a Remote Admin session on a
Win95 station and view its hard drives, the Admin shares
(\\machine\c$) remain active, available for read-only viewing when a
user types \\machine\c$ from Start Menu/Run. This bug may have always
been around, but I suspect it emerged with Service Pack 1.
7.6.3.2. ...on a Peer Win95 network?
You don't need to install Remote Registry service on the workstations
to use peer to peer remote administration. You only need a file and
print sharing service. When you use the Admin tools, the target
computer will prompt you for a password.
Be sure to set this password on all the workstations you want to
administer remotely.
NOTE: According to the Remote Registry readme files, Remote Registry
service only works if you use User Level Security from a central
server.
7.6.4. ...user level access?
User Level access spares us the potential of lost passwords and
multiple, security-killing, cached passwords, because the passwords
remain on the central security provider. You need only log in once and
type your password once, and you have access to any resources shared
on the network that have you on their access list.
Enable User Level security from Network Control Panel, in Access
Control. Pick a security provider (the name of an NT domain, NetWare
server, or other central server if your client/service software allows
for it). The next time you re-boot, all your share requesters and
password requesters will have user list requesters in their place. You
could also enforce user level security via system policies.
If the server is a NetWare 4.x server, you will need to set a Bindery
context on it. This will allow all NDS clients access to any Win95
stations sharing resources via FPS for NetWare.
Unusual combinations to avoid:
- FPS for MS networks, using a NetWare server as security provider (WFWG stations can't get access then! Win95 machines could get access, however)
- FPS for NetWare, using an NT server as a security provider (Quite impossible, as the NCP server doesn't recognize NT security)
- FPS for NetWare, using Share level security (It won't let you; NCP servers don't allow separate logins)
7.6.5. ...server-based setup and MSBATCH.INF
thanks
karthik
Hi,
for 4.0 there is the note 803387 regarding local access rights for registry and files/folders.
I don't think that for 5.0 it would be totally different; of course in 5.0 sub directory <bin> is replaced by <bin.net> etc.
At least you should gain some ideas out of the note...;-)
Regards,
Wolfhard