Need To Access All Clients On Network From My XP Pro Box

Posted on 2003-12-03
Last Modified: 2013-12-04
At the risk of sounding like a "total" noob, I am going to be administering another department in our office. I need to set up all the clients so I can access them from my computer with various software to make sure the employees are doing what they are supposed to be doing and nothing else.

The clients are Windows XP Pro and a few Win 98 (mine is XP Pro). I don't want to reinstall the Op Sys on any of them. I need to set them up so when I do a probe or try and monitor their pc I have the access I need. Most of the time I get an "Access Denied" message, no matter what software I am using, and I need this to stop.

It would seem that I need to create another user account on all of the clients that is for Administrator but my reasoning tells me this won't work because they will be logged in under a different User name than the one I am trying to get in with. Is this correct or not?  Some of them have a User name that is the "default" Administrator account that has been renamed to their user name.

BTW I have the correct administrator rights on the server Win2kAdv Serv. I don't know as much as I should about Win2k Server to be able to run scripts when clients log on and I know some of this can probably be done in that way.

What can I do to make this work correctly the first time I set this up and remain in place?


Question by:elixxer
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Expert Comment

ID: 9879898
For the 98 boxes, I don't have a good suggestion. Win98 is not good at this type of thing.
For XP, we are in luck. Are all XP boxes part of your Windows domain. where you have "correct administrator rights on the server Win2kAdv Server"? So, are you a Domain Admin in your Domain? If so, then your user account would have permissions to do things like read the Event Viewer logs of the user XP machines.
That is, providing there are no firewall or router ACLs preventing connectivity between you and the other workstations.
If you are not a Domain Admin member, you could be a member of the Server Operators group, and members of that group can do things on a SERVER but not have the same permissions on a user Workstation.
I bet you aren't a Domain Admin, so that is why your probes against the user workstations are failing. And I bet you do have Server rights, but those do not necessarily translate into Workstation rights.
So, yes, you COULD have an account made locally on each XP workstation that has local Administrator rights. Make the account on each XP workstation, and remember this is NOT a domain account. It is local to each machine. Obviously, you will need to log into each XP machine as the local Administrator or as the Domain Administrator or as a Domain Admin account to set yourself up with a local adminstrator-level account.
Ok, then when you start to connect to each remote user workstation, you will need to "manually authenticate" to each workstation using the local Administrator-level account you made. The best way is to use the NET USE command from the Command Prompt. Say you want to connect to \\WKSTATION1 using a local Admin acount you made called BOB. Your command syntax from the command line would be:
Hit Enter, and it will then ask you for the password for the BOB account on that machine. Type it in, hit Enter again, and that's it. Connection Completed Successfully.
THEN you would connect with whatever program you are gonna use to remotely monitor the user workstation.
My preference is to use Dameware NT Utilities to check remote user Event Viewer logs, running Processes, and other fun stuff:
I do this type of thing every day at work. All public-accessible servers in our Internet DMZ are stand alone, not domain members. You gotta manually authenticate to them using local Adminstrator-level accounts to then be able to use Dameware to look at their logs.

hope this helps

Author Comment

ID: 9904155
Joseph, I have tried your suggestions. It got me a little bit closer but still not capable of doing what I need.
I am starting to think there is another setting that I am overlooking. I did set myself up as a Domain Admin. I got a copy of DameWare NT Utilities and tried that too. (Very nice program thanks for this tip on that one for sure).

What I am thinking is that the Domain Security Policies are not set up correctly. This why I say that.
1. they are all still at their default setting.

2. I tried this as well from the server: Start -> Run -> mmc. Then, in MMC, File -> Add/Remove Snap-in... -> Add button -> Group Policy -> specify the computer name for the client computer that you want to view -> click Finish button -> click Close button from the Add Standalone Snap-in dialog box -> click OK button from the Add/Remove Snap-in dialog box. Now, on the server, you are able to configure the client computer of Group Policy (Local Policy for that computer). In there, expand Computer Configuration, Windows Settings, Security Settings, Local Policies.

**when I get to this last step "Windows Settings, Security Settings, Local Policies" there is only one policy available to configure. It's the IP policy setting. I had assumed that when I got to the Local Policy setting at this stage that I would see something similar to what you see when you are sitting at the client computer in gpedit, under the same heading, all the local policy setting.**

Any suggestion?
LVL 12

Accepted Solution

trywaredk earned 500 total points
ID: 10479915
A policy must be linked to a container object in Active Directory to be effective.

Many Regards
Jorgen Malmgren

:o) Your brain is like a parachute. It works best when it's open
LVL 12

Expert Comment

ID: 10966997
:o) Glad I could help you - thank you for the points

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question