
Managing Local accounts remotely

I want to create an image for about 2000 Windows XP SP2 PCs. Those PCs are for different sites. Each site is a domain by itself. All sites and domains are connected to my network by weak connections. For every number of sites we have a number of engineers.

Our policy denies giving the local Administrator to anybody (kept in treasury).
Our engineers need the administrator password for:

• Adding the PC to the domain
• For troubleshooting
• To install applications on the local PCs
• There are a few applications which require the Administrator group

My Question is: what is the best practice in this situation?
Also, what is the best way of managing local accounts in remote sites not connected to the domain?

Excuse my ignorance, but what is a weak connection?

When you say "local Administrator" what do you mean? I understand this to mean local admin on a desktop; you seem to be using it to mean domain admin for one site.

Remote Desktop via VPN.
ALNMOO (Author) Commented:
Thanks for your reply.
Weak connection = slow links

Local Administrator = the administrator account in the PC itself, NOT in the domain.

VPN is a good idea, but the problem is I have more than 2000 PCs!!
What's your budget?

There are solutions out there, but it is difficult to recommend without knowing if you have a budget for the support of your 2000 desktops.

Example: Altiris remote deployment will allow remote management over slower links utilising carbon copy.

You will also be able to deploy updates, join the machines to the domain and pretty much utilise it for all of your administrative tasks. But you are looking at 90 odd thousand in licensing "last time I checked".

The other options are largely manual and would require considerable planning.

Let me know your position on this.


How many sites?

Who cares about the number of PCs? You set up a VPN between your computer and the remote site, then remote desktop to the computer. Unless you have 1 PC and 2,000 unique sites.

There are products that may make some of this easier; software distribution, for example, can be done by things like LANDesk and some of the Tivoli offerings.

What do you mean you are going to add them to the domain, but they are not connected to the domain?

Do you really mean that you have a single AD domain and the domain controllers are at a central site and you have computers at remote sites? If so, a lot of the controls can be done by GPO; it's complex, but it can be done.
Dushan De Silva Commented:
From another computer use computer management.

Right click on My Computer select Manage
When Computer Management appears, right click "Computer Management (local)"
Choose "Connect to another computer"
Type the name of the remote computer in the Another Computer box.

You should then, under System Tools -> Local Users and Groups, be able to add users, and change group memberships.

You of course:
Have to be an administrator on the domain or local machine
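
A scripted equivalent of the Computer Management steps above for many PCs, as an added example that is not part of the original thread: it uses the ADSI WinNT provider from PowerShell to add a domain group to each PC's local Administrators group, so engineers get admin rights without the built-in Administrator password being handed out. The computer names and the group `SITE1/Desktop-Support` are placeholders, and it assumes the account running it is already an administrator on each target and that the local group has its English name.

```powershell
# Added example: all computer and group names are placeholders (assumptions).
$Computers   = @('SITE1-PC001', 'SITE1-PC002')   # constructed sample names
$DomainGroup = 'SITE1/Desktop-Support'            # hypothetical domain group

function Get-LocalAdminMembers {
    param([string]$Computer)
    # Bind to the local Administrators group on the remote PC.
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    # Members() returns COM objects; read each ADsPath via reflection.
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

function Add-LocalAdminGroup {
    param([string]$Computer, [string]$Member)
    $memberPath = "WinNT://$Member"
    # Skip PCs where the group is already a member, so reruns are harmless.
    $current = @(Get-LocalAdminMembers -Computer $Computer)
    if ($current -contains $memberPath) { return 'AlreadyMember' }
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    $group.psbase.Invoke('Add', $memberPath)
    'Added'
}

$results = foreach ($pc in $Computers) {
    try {
        $status = Add-LocalAdminGroup -Computer $pc -Member $DomainGroup
    } catch {
        # Unreachable PC, access denied, or unknown group: record and continue.
        $status = "Failed: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{ Computer = $pc; Status = $status }
}
$results | Format-Table Computer, Status -AutoSize
```

Over slow links, run it per site from a machine inside that site; removing an engineer from the domain group then revokes access on every PC at once.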
