

Domain in Distress - Have little control over computers

Posted on 2008-06-20
Medium Priority
Last Modified: 2013-12-09
On this Domain, every time I try to access a computer it either tells me that I have no access, or it's not turned on. They are turned on.
I have modified the Domain Computers to allow for Domain Admins to pass through. But I may have to further modify that to all OUs.
I try to execute a script and it just doesn't work.

Part one - Goes through and modifies the registry and changes the locks on the Symantec AntiVirus software so that it can be uninstalled.

Part two - Goes through and uninstalls the software.

My problem is that the admin$ which accesses these tools in order to remove Symantec is missing on most of the computers.
It seems that the IT personnel before me didn't want admins to access or be able to remote into the users' computers. So they modified the computers in order to prevent remote access.
We have to access computers via VNC, which uses the Explorer GUI interface and requests permission. OK, that works, but the normal Windows remote stuff doesn't.

Here is what I can do:

1. I can remote into the registry
2. I can remote into the computer manager, which gives me access to many things.
    a. Shares - or to look at shares
    b. Services
    c. Event Logs

I see that the ADMIN$ is missing on all the computers, and I found this article below -

Has anyone ever tangled with something like this before?

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

To verify whether a computer is affected by this issue, follow these steps:

1. Examine the AutoShareServer and AutoShareWks registry values to make sure that they are not set to 0:
    a. Click Start, click Run, type regedit, and then press ENTER.
    b. Locate and then click the following registry sub-key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
    c. If the AutoShareServer and AutoShareWks DWORD values in the LanmanServer\Parameters sub-key are configured with a value data of 0, change that value to 1.
       Note: If these values do not exist, you do not have to create them because the default behavior is to automatically create the administrative shares.
    d. Quit Registry Editor.
2. Restart the computer. Typically, computers that are running Windows Server 2003, Windows XP, Windows 2000, or Windows NT 4.0 automatically create the administrative shares during startup.
3. After the computer restarts, verify that the administrative shares are active. To examine the shares, use the net share command. To do this, follow these steps:
    a. Click Start, click Run, type cmd, and then press ENTER.
    b. At the command prompt, type net share, and then press ENTER.
    c. Look for the Admin$, C$, and IPC$ administrative shares in the list of shares.

'Remove Symantec Remotely and Silently
'Results are stored in a log file: symantec.log
'--------------- Create Log File ----------------
'Open up the path to save the information into a text file
Dim Stuff, myFSO, WriteStuff, timeStamp
timeStamp = Time()
Set myFSO = CreateObject("Scripting.FileSystemObject")
'2 = ForWriting, True = create the log file if it does not exist
Set WriteStuff = myFSO.OpenTextFile("symantec.log", 2, True)
Dim objShell: Set objShell=CreateObject("Wscript.Shell")
Dim startMsg
startMsg = "STARTING SCRIPT, YO!" & vbCrLf & "You do not need to click OK until it is done." & _
           vbCrLf & "When the script is done, it will say DONE, YO! Check symantec.log for results."
objShell.Popup startMsg, 3
'WScript.Echo startMsg
WriteStuff.WriteLine("Starting Script, yo!" & vbCrLf)
'-------------------- Grab computer names from Computer.txt and store in array ----------------
strComputers = ""
On Error Resume Next
'Initialize global constants and variables.
Const FOR_READING = 1   'OpenTextFile I/O mode; VBScript does not predefine it
g_strHostFile = "computers.txt"
'Read computer names for install from text file.
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(g_strHostFile) Then
  Set objTextStream = objFSO.OpenTextFile(g_strHostFile, FOR_READING)
Else
  'Nothing to process without the host list, so stop here
  WScript.Echo "ERROR: Input file " & g_strHostFile & " not found."
  WScript.Quit 1
End If
'Loop through list of computers and perform tasks on each.
Do Until objTextStream.AtEndOfStream
  readingInComputer= objTextStream.ReadLine
'  Wscript.Echo VbCrLf & readingInComputer 
  strComputers = strComputers + readingInComputer +","
Loop
objTextStream.Close
arrComputers = Split(strComputers , ",")
'----------------------------- Symantec Piece---------------------------------
'Pre condition:  arrComputers must be populated from Computer.txt
'------- Insert all Available Keys Here-------------------
'The key list is not included in the post: assign strSymantecKeys a
'comma-separated list of the keys to pass to "MsiExec.exe /x" before running.
Dim strSymantecKeys
Const HKEY_LOCAL_MACHINE = &H80000002
arrSymantecKeys = Split(strSymantecKeys, ",")
For Each strComputer in arrComputers
On Error Resume Next
       '---- If computername is blank then exit loop ---
        If strComputer = "" Then 
           exit for
        End If
 '----------- Set Uninstall Password & LockUnloadSvcs Registry Key Values-------
 Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
 'objShell.Popup "Error = " & err.number & "!!!", 1
 ' ----If getObject fails, server is offline or doesn't exist -------------
 If err.number <> 0 then
        objShell.Popup "ERROR: "& strComputer & " is offline or access is denied", 1
      'wscript.echo "ERROR: "& strComputer & " is offline or access is denied"
      'write to log file
      WriteStuff.WriteLine(timeStamp & "  " & strComputer & " - ERROR! It is offline or doesn't exist.")
      On Error GoTo 0 
 '------ Else GO ahead and remove Registry Keys ---------------------
 Else
   On Error GoTo 0 
'   strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security"
'   ValueName = "LockUnloadServices" 
'   objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue
'   If strValue<>0 Then
'      objReg.setDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
      'WScript.Echo strComputer & ": LockUnloadServices set to: " & strValue
'   End If
'   ValueName = "UseVPUninstallPassword" 
'   objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue
'   If strValue<>0 Then
'     objReg.setDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
     'WScript.Echo strComputer & ": UninstallPW set to: " & strValue
'   End If
   '----- Run MSIEXEC to remove Symantec -------------
  For Each strSymantecKey in arrSymantecKeys
      ' "c:\pstools\psexec \\" & strComputer & " MsiExec.exe /norestart /q 
   '8 = window style, true = wait for psexec to finish before continuing
   objShell.Run "c:\pstools\psexec \\" & strComputer & " MsiExec.exe /norestart /q /x " & strSymantecKey & " REMOVE=ALL", 8, true
  Next
  'Print to log file
   WriteStuff.WriteLine(timeStamp & " - " & strComputer & " - Symantec Removed.")
  'objShell.Popup strComputer & " - Symantec Removed", 1
  'WScript.Echo strComputer & " - Symantec Removed"
 End If
 SET objReg=Nothing
Next
'Write to log file and close it
WriteStuff.WriteLine(vbCrLf & "Script is Done, yo!")
WriteStuff.Close
SET WriteStuff = NOTHING
SET objShell = NOTHING
'Let user know the script is done!
WScript.Echo "SCRIPT IS DONE, YO!!!"


Question by:mark_randolph
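
Added example (not part of the original question or of the quoted Microsoft article): a read-only audit of the check the quoted KB steps describe, reporting the AutoShareServer/AutoShareWks values and which of ADMIN$, C$ and IPC$ each host currently publishes. It assumes the same computers.txt host list as the poster's script and remote WMI access; the names AuditHost and ReadValue are illustrative.

```vbscript
' Added example: report AutoShare* values and admin shares per host (no changes made).
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const FOR_READING = 1
Const KEY_PATH = "System\CurrentControlSet\Services\LanmanServer\Parameters"
Dim fso, hosts, host
Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists("computers.txt") Then   ' assumed input file, one host per line
  WScript.Echo "ERROR: computers.txt not found."
  WScript.Quit 1
End If
Set hosts = fso.OpenTextFile("computers.txt", FOR_READING)
Do Until hosts.AtEndOfStream
  host = Trim(hosts.ReadLine)
  If host <> "" Then WScript.Echo AuditHost(host)
Loop
hosts.Close

' Returns one report line for the host, or an error line if WMI cannot connect.
Function AuditHost(strComputer)
  Dim objReg, objWmi, objShare, found, shareName
  On Error Resume Next
  Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
  Set objWmi = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
  If Err.Number <> 0 Then
    AuditHost = strComputer & ": unreachable or access denied (0x" & Hex(Err.Number) & ")"
    Exit Function
  End If
  On Error GoTo 0
  found = ""
  For Each objShare In objWmi.ExecQuery("SELECT Name FROM Win32_Share")
    shareName = UCase(objShare.Name)
    If shareName = "ADMIN$" Or shareName = "C$" Or shareName = "IPC$" Then found = found & " " & shareName
  Next
  If found = "" Then found = " none"
  AuditHost = strComputer & ": AutoShareServer=" & ReadValue(objReg, "AutoShareServer") & _
              ", AutoShareWks=" & ReadValue(objReg, "AutoShareWks") & ", shares:" & found
End Function

' A missing value means the default applies (shares are created), per the quoted KB note.
Function ReadValue(objReg, strName)
  Dim rc, dwValue
  rc = objReg.GetDWORDValue(HKEY_LOCAL_MACHINE, KEY_PATH, strName, dwValue)
  If rc <> 0 Or IsNull(dwValue) Then
    ReadValue = "not set (default)"
  Else
    ReadValue = CStr(dwValue)
    If dwValue = 0 Then ReadValue = "0 (auto-create off)"
  End If
End Function
```

Run it with cscript so each report line goes to the console rather than a popup.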

Author Comment

ID: 21830912
Can anyone help?

Expert Comment

ID: 21830994
Are you sure there aren't firewalls enabled on those machines? They can be blocking your requests.

We, for our company, decided to disable all internal firewalls on all computers (only virus scanning) and put an expensive firewall in front of our proxy server.

Author Comment

ID: 21836139
I did find a TECHNET article that dealt with a group policy that allows a GPO to disable, and I did that too; well, hopefully it works.

Author Comment

ID: 22012176
All the computers were locked down, the administrative shares were disabled so no external commands could be executed. I refined the script, and completed the task. Interesting to disable the internal firewalls on all the PCs. I don't think that we will do such a thing. Too risky...
But thanks to all those that added their two cents.

Author Comment

ID: 22326973
The solution was that the Windows 2000 machine and the GPO were not adjusted right. Meaning, back before the GPO was the way to modify networks, the Administrators at the time constructed local policies. They really messed with operation and ease of handling.
Modify GPO
Remove Local policy
and added a script to place the local shares back on the Windows 2000 machines

Accepted Solution

Computer101 earned 0 total points
ID: 22444435
PAQed with points refunded (500)

EE Admin
