Win2003 General Network Password???

Discussion in 'Windows Server Systems' started by Heeter, Sep 10, 2006.

  1. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Hi Guys,

    A client of mine has Win2003SBS, and approx 8 workstations in his office. Win2000Pro and WinXPPro as clients.

    My question: even though each workstation has each their own username and password to logon to the machine, Can the SmallBusinessServer still issue each and every workstation one general Username/password that overrides the client side? One username/password that can get into each machine no matter what the user/pass is on the client end.

    The reason asking is that NOD32 Enterprise Edition would of deployed a lot smoother from the server if we had better access to the workstations.

    Thanks in advance,


    Heeter
     
  2. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    Why not use the domain admin password?

    OU=Users\Administrator
     
    Heeter likes this.
  3. DwarfData

    DwarfData OSNN Addict

    Messages:
    135
    Location:
    Lancashire, UK
    Heeter,

    Any account that is a member of the Domain Admin group can be used to log on to any workstation and have Administrator rights.

    Is this what you are after?
     
    Heeter likes this.
  4. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Using the domain user/pass will get into all clients? Really, thanks,

    I would like to "Gain control" of all workstations during deployment of apps, like the antivirus. Was going around to each workstation gathering their usernames and passwords.

    Heeter
     
  5. DwarfData

    DwarfData OSNN Addict

    Messages:
    135
    Location:
    Lancashire, UK
    Save your feet. Use Remote Desktop to connect to the machines. Also, Small Business Server can be configured to install any required software on all it's clients.
     
  6. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    As long as the desktops are joined to the domain then yes. The Administrator account is located in the Users OU.
     
  7. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Thanks a lot, Guys,

    Thanks for the help. Will look for the OU next time I am in that office. Remote desktop, should of thought of that last night, too.


    Heeter
     
  8. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    If they are part of the domain, the domain\Domain Admins group is automatically added to the local administrator group when they join the domain.

    If the user is setup as a local administrator, they can, technically, remove the domain admins group from the local administrator group in which case, your domain admin account would not have access to the machine.

    You can setup "restricted groups" in your Group policy to force a domain group into a local group (MS Link on Restriced groups).

    You could (of course) also deploy your software via GPO's as well.. or SMS or any other deployment software..
     
  9. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Just wanted to chime in a bit about a few things....

    First of all, and this is only opinion and my preference, on my servers that run AV's and push applications/updates to clients, I don't use Domain Administrator accounts. I created a special Group that contains all service accounts that need to have just enough rights to do their job. Maybe I'm a bit ****, but I don't like having excessive rights for tasks that don't need them.

    I pushed out NOD32 about two weeks ago and I love the customization you have and how you can build your own packages. I had a few weird errors at the first time I tried communicating with the clients, but nothing I wasn't able to resolve :)
     
  10. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Thanks Guys,

    I am interested in how your setup goes about, KC. through a special group and all clients are in the workgroup?

    Thanks,

    Heeter
     
  11. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Nothing to do with clients really, I just have a Group on the network called "Maintenance" (just my preference, really has no meaning), that has sufficient network priveleges to carry out specific actions.

    I have a few user accounts in this group, the one related to NOD32 being called "avupdates". This way I don't need to use members of the Domain Admin or local Admin groups, which would give more access rights than needed IMO.

    Group memberships and settings come down through the network.