Need To Access All Clients On Network From My XP Pro Box

At the risk of sounding like a "total" noob, I am going to be administering another department in our office. I need to set up all the clients so I can access them from my computer with various software to make sure the employees are doing what they are supposed to be doing and nothing else.

The clients are Windows XP Pro and a few Win 98 (mine is XP Pro). I don't want to reinstall the Op Sys on any of them. I need to set them up so when I do a probe or try and monitor their pc I have the access I need. Most of the time I get an "Access Denied" message, no matter what software I am using, and I need this to stop.

It would seem that I need to create another user account on all of the clients that is for Administrator but my reasoning tells me this won't work because they will be logged in under a different User name than the one I am trying to get in with. Is this correct or not?  Some of them have a User name that is the "default" Administrator account that has been renamed to their user name.

BTW I have the correct administrator rights on the server Win2kAdv Serv. I don't know as much as I should about Win2k Server to be able to run scripts when clients log on and I know some of this can probably be done in that way.

What can I do to make this work correctly the first time I set this up and remain in place?


Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

For the 98 boxes, I don't have a good suggestion. Win98 is not good at this type of thing.
For XP, we are in luck. Are all XP boxes part of your Windows domain. where you have "correct administrator rights on the server Win2kAdv Server"? So, are you a Domain Admin in your Domain? If so, then your user account would have permissions to do things like read the Event Viewer logs of the user XP machines.
That is, providing there are no firewall or router ACLs preventing connectivity between you and the other workstations.
If you are not a Domain Admin member, you could be a member of the Server Operators group, and members of that group can do things on a SERVER but not have the same permissions on a user Workstation.
I bet you aren't a Domain Admin, so that is why your probes against the user workstations are failing. And I bet you do have Server rights, but those do not necessarily translate into Workstation rights.
So, yes, you COULD have an account made locally on each XP workstation that has local Administrator rights. Make the account on each XP workstation, and remember this is NOT a domain account. It is local to each machine. Obviously, you will need to log into each XP machine as the local Administrator or as the Domain Administrator or as a Domain Admin account to set yourself up with a local adminstrator-level account.
Ok, then when you start to connect to each remote user workstation, you will need to "manually authenticate" to each workstation using the local Administrator-level account you made. The best way is to use the NET USE command from the Command Prompt. Say you want to connect to \\WKSTATION1 using a local Admin acount you made called BOB. Your command syntax from the command line would be:
Hit Enter, and it will then ask you for the password for the BOB account on that machine. Type it in, hit Enter again, and that's it. Connection Completed Successfully.
THEN you would connect with whatever program you are gonna use to remotely monitor the user workstation.
My preference is to use Dameware NT Utilities to check remote user Event Viewer logs, running Processes, and other fun stuff:
I do this type of thing every day at work. All public-accessible servers in our Internet DMZ are stand alone, not domain members. You gotta manually authenticate to them using local Adminstrator-level accounts to then be able to use Dameware to look at their logs.

hope this helps
elixxerAuthor Commented:
Joseph, I have tried your suggestions. It got me a little bit closer but still not capable of doing what I need.
I am starting to think there is another setting that I am overlooking. I did set myself up as a Domain Admin. I got a copy of DameWare NT Utilities and tried that too. (Very nice program thanks for this tip on that one for sure).

What I am thinking is that the Domain Security Policies are not set up correctly. This why I say that.
1. they are all still at their default setting.

2. I tried this as well from the server: Start -> Run -> mmc. Then, in MMC, File -> Add/Remove Snap-in... -> Add button -> Group Policy -> specify the computer name for the client computer that you want to view -> click Finish button -> click Close button from the Add Standalone Snap-in dialog box -> click OK button from the Add/Remove Snap-in dialog box. Now, on the server, you are able to configure the client computer of Group Policy (Local Policy for that computer). In there, expand Computer Configuration, Windows Settings, Security Settings, Local Policies.

**when I get to this last step "Windows Settings, Security Settings, Local Policies" there is only one policy available to configure. It's the IP policy setting. I had assumed that when I got to the Local Policy setting at this stage that I would see something similar to what you see when you are sitting at the client computer in gpedit, under the same heading, all the local policy setting.**

Any suggestion?
A policy must be linked to a container object in Active Directory to be effective.

Many Regards
Jorgen Malmgren

:o) Your brain is like a parachute. It works best when it's open

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
:o) Glad I could help you - thank you for the points
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.