Solved

Domain in Distress - Have little control over computers

Posted on 2008-06-20
Last Modified: 2013-12-09
On this Domain, every time I try to access a computer it either tells me that I have no access, or it's not turned on. They are turned on.
I have modified the Domain Computers to allow for Domain Admins to pass through. But I may have to further modify that to all OUs.
I try to execute a script and it just doesn't work.

Part one - Goes through and modifies the registry and changes the locks on the Symantec AntiVirus Software in order to be uninstalled.

Part two - Goes through and uninstalls the software.

My problem is that the admin$ which accesses these tools in order to remove Symantec is missing on most of the computers.
It seems that the IT personnel before me didn't want admins to access or be able to remote into the users' computers. So they modified the computers in order to prevent remote access.
We have to access computers via VNC which uses the Explorer GUI interface and requests permission, ok that works but the normal Windows remote stuff doesn't.

Here is what I can do:

1. I can remote into the registry
2. I can remote into the computer manager which gives me access to many things.
    a.  Shares - or to look at shares
    b. Services
    c. Event Logs

I see that the ADMIN$ is missing on all the computers, and I found this article below -

Has anyone ever tangled with something like this before?

 
RESOLUTION
Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows

To verify whether a computer is affected by this issue, follow these steps:

1. Examine the AutoShareServer and AutoShareWks registry values to make sure that they are not set to 0:
    a. Click Start, click Run, type regedit, and then press ENTER.
    b. Locate and then click the following registry sub-key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
    c. If the AutoShareServer and AutoShareWks DWORD values in the LanmanServer\Parameters sub-key are configured with a value data of 0, change that value to 1.
       Note: If these values do not exist, you do not have to create them because the default behavior is to automatically create the administrative shares.
    d. Quit Registry Editor.
2. Restart the computer. Typically, computers that are running Windows Server 2003, Windows XP, Windows 2000, or Windows NT 4.0 automatically create the administrative shares during startup.
3. After the computer restarts, verify that the administrative shares are active. To examine the shares, use the net share command. To do this, follow these steps:
    a. Click Start, click Run, type cmd, and then press ENTER.
    b. At the command prompt, type net share, and then press ENTER.
    c. Look for the Admin$, C$, and IPC$ administrative shares in the list of shares.


'Remove Symantec Remotely and Silently
'Results are stored in a log file: symantec.log
 
'--------------- Create Log File ----------------
 
'Open up the path to save the information into a text file
Dim Stuff, myFSO, WriteStuff, timeStamp
timeStamp = Time()
 
Set myFSO = CreateObject("Scripting.FileSystemObject")
Set WriteStuff = myFSO.OpenTextFile("symantec.log", 2, True)
 
Dim objShell: Set objShell=CreateObject("Wscript.Shell")
 
Dim startMsg
startMsg = "STARTING SCRIPT, YO!" & vbCrLf & "You do not need to click OK until it is done." &_
           vbcrlf & "When the script is done, it will say DONE, YO! Check symantec.log for results."
 
objShell.Popup startMsg, 3
'WScript.Echo startMsg
 
WriteStuff.WriteLine("Starting Script, yo!" & vbcrlf)
 
'-------------------- Grab computer names from Computer.txt and store in array ----------------
 
strComputers = ""
 
On Error Resume Next
 
'Initialize global constants and variables.
Const FOR_READING = 1
g_strHostFile = "computers.txt"
 
'Read computer names for install from text file.
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
If objFSO.FileExists(g_strHostFile) Then
  Set objTextStream = objFSO.OpenTextFile(g_strHostFile, FOR_READING)
Else
  WScript.Echo "ERROR: Input file " & g_strHostFile & " not found."
  WScript.Quit
End If
 
'Loop through list of computers and perform tasks on each.
Do Until objTextStream.AtEndOfStream
  readingInComputer= objTextStream.ReadLine
'  Wscript.Echo VbCrLf & readingInComputer 
 
 strComputers = strComputers + readingInComputer +","
Loop
 
objTextStream.Close
 
arrComputers = Split(strComputers , ",")
 
 
'----------------------------- Symantec Piece---------------------------------
'Pre condition:  arrComputers must be populated from Computer.txt
 
 
'------- Insert all Available Keys Here-------------------
Dim strSymantecKeys
strSymantecKeys="{33CFCF98-F8D6-4549-B469-6F4295676D83},{33CFCF98-F8D6-4549-B469-6F4295676D83}"
'---------------------------------------------------------
Const HKEY_LOCAL_MACHINE = &H80000002
 
arrSymantecKeys = Split(strSymantecKeys, ",")
 
 
For Each strComputer in arrComputers
 
On Error Resume Next
       '---- If computername is blank then exit loop ---
        If strComputer = "" Then 
           exit for
        End If
 
 '----------- Set Uninstall Password & LockUnloadSvcs Registry Key Values-------
 
 Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
 
 'objShell.Popup "Error = " & err.number & "!!!", 1
 
 ' ----If getObject fails, server is offline or doesn't exist -------------
 If err.number <> 0 then
      err.clear
 
        objShell.Popup "ERROR: "& strComputer & " is offline or access is denied", 1
      'wscript.echo "ERROR: "& strComputer & " is offline or access is denied"
      
      'write to log file
      WriteStuff.WriteLine(timeStamp & "  " & strComputer & " - ERROR! It is offline or doesn't exist.")
      On Error GoTo 0 
 
 '------ Else GO ahead and remove Registry Keys ---------------------
 Else
   On Error GoTo 0 
 
'   strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security"
'   ValueName = "LockUnloadServices" 
 
'   objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue
 
'   If strValue<>0 Then
'      objReg.setDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
      'WScript.Echo strComputer & ": LockUnloadServices set to: " & strValue
'   End If
 
'   ValueName = "UseVPUninstallPassword" 
 
'   objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue
 
'   If strValue<>0 Then
'     objReg.setDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
     'WScript.Echo strComputer & ": UninstallPW set to: " & strValue
'   End If
 
   '----- Run MSIEXEC to remove Symantec -------------
 
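  blnRemoved = False
  For Each strSymantecKey in arrSymantecKeys

      'objshell.run "c:\pstools\psexec \\" & strComputer & " MsiExec.exe /norestart /q 

      'Run returns the exit code: 0 = success, 3010 = success but a restart is required
      intExit = objShell.run("c:\pstools\psexec \\" & strComputer & " MsiExec.exe /norestart /q /x " & strSymantecKey & " REMOVE=ALL", 8, true)
      If intExit = 0 Or intExit = 3010 Then blnRemoved = True
      WriteStuff.WriteLine(timeStamp & " - " & strComputer & " - " & strSymantecKey & " - exit code " & intExit)

  Next

  'Print to log file; only report removal when at least one uninstall succeeded
   If blnRemoved Then
      WriteStuff.WriteLine(timeStamp & " - " & strComputer & " - Symantec Removed.")
   Else
      WriteStuff.WriteLine(timeStamp & " - " & strComputer & " - ERROR! Uninstall did not succeed.")
   End If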
 
  'objShell.Popup strComputer & " - Symantec Removed", 1
  'WScript.Echo strComputer & " - Symantec Removed"
 
 
 End If
 
 
SET objReg=Nothing
 
 
Next
 
 
'Write to log file and close it
WriteStuff.WriteLine(vbcrlf & "Script is Done, yo!")
WriteStuff.Close
SET WriteStuff = NOTHING
SET myFSO = NOTHING
SET objShell = NOTHING
 
'Let user know the script is done!
WScript.Echo "SCRIPT IS DONE, YO!!!"

Question by:mark_randolph
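
The registry and share check from the KB steps quoted in the question, run remotely over a list of hosts through WMI instead of at each console. This is an added example, not part of the original post or the KB article; it reuses the computers.txt input file of the poster's script, and the log file name and function names are assumptions.

```vbscript
' Added example: audit AutoShareServer / AutoShareWks and the live share list.
' Assumptions: computers.txt (one host per line) sits beside the script;
' adminshare-audit.log is a made-up output name.
Option Explicit
Const HKLM = &H80000002
Const KEY_PATH = "System\CurrentControlSet\Services\LanmanServer\Parameters"
Dim fso, hosts, logFile, host
Set fso = CreateObject("Scripting.FileSystemObject")
Set hosts = fso.OpenTextFile("computers.txt", 1)
Set logFile = fso.OpenTextFile("adminshare-audit.log", 2, True)

Do Until hosts.AtEndOfStream
  host = Trim(hosts.ReadLine)
  If host <> "" Then logFile.WriteLine Now & "  " & host & "  " & AuditHost(host)
Loop
hosts.Close
logFile.Close

' Returns one line: both registry values plus the admin shares that exist now.
Function AuditHost(target)
  Dim reg, wmi, share, found, shareName
  On Error Resume Next
  Set reg = GetObject("winmgmts:\\" & target & "\root\default:StdRegProv")
  Set wmi = GetObject("winmgmts:\\" & target & "\root\cimv2")
  If Err.Number <> 0 Or Not IsObject(reg) Or Not IsObject(wmi) Then
    AuditHost = "ERROR 0x" & Hex(Err.Number) & " (offline or access denied)"
    Exit Function
  End If
  On Error GoTo 0
  found = ""
  For Each share In wmi.ExecQuery("SELECT Name FROM Win32_Share")
    shareName = UCase(share.Name)
    If shareName = "ADMIN$" Or shareName = "C$" Or shareName = "IPC$" Then found = found & shareName & " "
  Next
  If found = "" Then found = "(none)"
  AuditHost = "AutoShareServer=" & ReadFlag(reg, "AutoShareServer") & _
              " AutoShareWks=" & ReadFlag(reg, "AutoShareWks") & _
              " shares=" & Trim(found)
End Function

' A missing value means the default applies (shares are created), per the KB note.
Function ReadFlag(reg, valueName)
  Dim data
  ReadFlag = "absent(default)"
  If reg.GetDWORDValue(HKLM, KEY_PATH, valueName, data) = 0 Then
    If Not IsNull(data) Then ReadFlag = CStr(data)
  End If
End Function
```

A host that logs a value of 0 together with no ADMIN$ matches the condition the KB describes; a host with the values absent or 1 but still no ADMIN$ points to something other than these two registry values.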
 
LVL 1

Author Comment

by:mark_randolph
ID: 21830912
Can anyone help?
0
 
LVL 6

Expert Comment

by:JapyDooge
ID: 21830994
Are you sure there aren't firewalls enabled on those machines? They can be blocking your requests.

We for our company decided to disable all internal firewalls on all computers (only virus scanning) and put an expensive firewall in front of our proxy server.
0
 
LVL 1

Author Comment

by:mark_randolph
ID: 21836139
I did find a TECHNET article that dealt with a group policy that allows a GPO to disable and I did that to well hopefully works.
0

 
LVL 1

Author Comment

by:mark_randolph
ID: 22012176
All the computers were locked down, the administrative shares were disabled so no external commands could be executed. I refined the script, and completed the task. Interesting to disable the internal firewalls on all the PCs. I don't think that we will do such a thing. Too risky...
But thanks to all those that added their two cents.
0
 
LVL 1

Author Comment

by:mark_randolph
ID: 22326973
The solution was that the Windows 2000 machine and the GPO were not adjusted right. Meaning back before the GPO was the way to modify networks the Administrators at the time constructed local policies. They really messed with operation and ease of handling.
Modify GPO
Remove Local policy
and added a script to place the local shares back on the Windows 2000 machines
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22444435
PAQed with points refunded (500)

Computer101
EE Admin
0
