Need To Access All Clients On Network From My XP Pro Box

Posted on 2003-12-03
Last Modified: 2013-12-04
At the risk of sounding like a "total" noob, I am going to be administering another department in our office. I need to set up all the clients so I can access them from my computer with various software to make sure the employees are doing what they are supposed to be doing and nothing else.

The clients are Windows XP Pro and a few Win 98 (mine is XP Pro). I don't want to reinstall the Op Sys on any of them. I need to set them up so when I do a probe or try and monitor their pc I have the access I need. Most of the time I get an "Access Denied" message, no matter what software I am using, and I need this to stop.

It would seem that I need to create another user account on all of the clients that is for Administrator but my reasoning tells me this won't work because they will be logged in under a different User name than the one I am trying to get in with. Is this correct or not?  Some of them have a User name that is the "default" Administrator account that has been renamed to their user name.

BTW I have the correct administrator rights on the server Win2kAdv Serv. I don't know as much as I should about Win2k Server to be able to run scripts when clients log on and I know some of this can probably be done in that way.

What can I do to make this work correctly the first time I set this up and remain in place?


Question by:elixxer
  • 2

Expert Comment

Comment Utility
For the 98 boxes, I don't have a good suggestion. Win98 is not good at this type of thing.
For XP, we are in luck. Are all XP boxes part of your Windows domain. where you have "correct administrator rights on the server Win2kAdv Server"? So, are you a Domain Admin in your Domain? If so, then your user account would have permissions to do things like read the Event Viewer logs of the user XP machines.
That is, providing there are no firewall or router ACLs preventing connectivity between you and the other workstations.
If you are not a Domain Admin member, you could be a member of the Server Operators group, and members of that group can do things on a SERVER but not have the same permissions on a user Workstation.
I bet you aren't a Domain Admin, so that is why your probes against the user workstations are failing. And I bet you do have Server rights, but those do not necessarily translate into Workstation rights.
So, yes, you COULD have an account made locally on each XP workstation that has local Administrator rights. Make the account on each XP workstation, and remember this is NOT a domain account. It is local to each machine. Obviously, you will need to log into each XP machine as the local Administrator or as the Domain Administrator or as a Domain Admin account to set yourself up with a local adminstrator-level account.
Ok, then when you start to connect to each remote user workstation, you will need to "manually authenticate" to each workstation using the local Administrator-level account you made. The best way is to use the NET USE command from the Command Prompt. Say you want to connect to \\WKSTATION1 using a local Admin acount you made called BOB. Your command syntax from the command line would be:
Hit Enter, and it will then ask you for the password for the BOB account on that machine. Type it in, hit Enter again, and that's it. Connection Completed Successfully.
THEN you would connect with whatever program you are gonna use to remotely monitor the user workstation.
My preference is to use Dameware NT Utilities to check remote user Event Viewer logs, running Processes, and other fun stuff:
I do this type of thing every day at work. All public-accessible servers in our Internet DMZ are stand alone, not domain members. You gotta manually authenticate to them using local Adminstrator-level accounts to then be able to use Dameware to look at their logs.

hope this helps

Author Comment

Comment Utility
Joseph, I have tried your suggestions. It got me a little bit closer but still not capable of doing what I need.
I am starting to think there is another setting that I am overlooking. I did set myself up as a Domain Admin. I got a copy of DameWare NT Utilities and tried that too. (Very nice program thanks for this tip on that one for sure).

What I am thinking is that the Domain Security Policies are not set up correctly. This why I say that.
1. they are all still at their default setting.

2. I tried this as well from the server: Start -> Run -> mmc. Then, in MMC, File -> Add/Remove Snap-in... -> Add button -> Group Policy -> specify the computer name for the client computer that you want to view -> click Finish button -> click Close button from the Add Standalone Snap-in dialog box -> click OK button from the Add/Remove Snap-in dialog box. Now, on the server, you are able to configure the client computer of Group Policy (Local Policy for that computer). In there, expand Computer Configuration, Windows Settings, Security Settings, Local Policies.

**when I get to this last step "Windows Settings, Security Settings, Local Policies" there is only one policy available to configure. It's the IP policy setting. I had assumed that when I got to the Local Policy setting at this stage that I would see something similar to what you see when you are sitting at the client computer in gpedit, under the same heading, all the local policy setting.**

Any suggestion?
LVL 12

Accepted Solution

trywaredk earned 500 total points
Comment Utility
A policy must be linked to a container object in Active Directory to be effective.

Many Regards
Jorgen Malmgren

:o) Your brain is like a parachute. It works best when it's open
LVL 12

Expert Comment

Comment Utility
:o) Glad I could help you - thank you for the points

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now