• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 382
  • Last Modified:

Domain in Distress - Have little control over computers

On this Domain, everytime I try to access a computer it either tells me that I have no access, or its not turned on. They are turned on.
I have modified the Domain Computers to allow for Domains Admin to pass though. But I may have to further modify that to all OU's.
I try to execute a script and it just doesn't work.

Part one - Goes through and modify the registry and changes the locks on the Sysmantec AntiVirus Software in order to be uninstalled.

Part two - Goes through and uninstalls the software.

My problem is that the admin$ which access these tools in order to remove symantec is missing on most of the computers.
It seems that the IT personnel before me didn't want to admins to access or be able to remote into the users computers. So they modified the computers in order to prevent remote access.
We have to access computers via VNC which uses the Explorer GUI interface and requests permission, ok that works but the normal windows remote stuff doesn't

Here is what i can do:

1. I can remote into the registry
2. I can remote into the computer manager which gives me access to many things.
    a.  Shares - or to look at shares
    b. Services
    c. Event Logs

I see that the ADMIN$ is missing on all the computers, and i found this article below -

Has enyone ever tangled with something like this before?

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows

To verify whether a computer is affected by this issue, follow these steps:1. Examine the AutoShareServer and AutoShareWks registry values to make sure that they are not set to 0: a.  Click Start, click Run, type regedit, and then press ENTER.
b.  Locate and then click the following registry sub-key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
c.  If the AutoShareServer and AutoShareWks DWORD values in the LanmanServer\Parameters sub-key are configured with a value data of 0, change that value to 1.

Note If these values do not exist, you do not have to create them because the default behavior is to automatically create the administrative shares.  
d.  Quit Registry Editor.  
2. Restart the computer. Typically, computers that are running Windows Server 2003, Windows XP, Windows 2000, or Windows NT 4.0 automatically create the administrative shares during startup.  
3. After the computer restarts, verify that the administrative shares are active. To examine the shares, use the net share command. To do this, follow these steps: a.  Click Start, click Run, type cmd, and then press ENTER.  
b.  At the command prompt, type net share, and then press ENTER.  
c.  Look for the Admin$, C$, and IPC$ administrative shares in the list of shares.  

'Remove Symantec Remotely and Silently
'Results are stored in a log file: symantec.log
'--------------- Create Log File ----------------
'Open up the path to save the information into a text file
Dim Stuff, myFSO, WriteStuff, timeStamp
timeStamp = Time()
Set myFSO = CreateObject("Scripting.FileSystemObject")
Set WriteStuff = myFSO.OpenTextFile("symantec.log", 2, True)
Dim objShell: Set objShell=CreateObject("Wscript.Shell")
Dim startMsg
startMsg = "STARTING SCRIPT, YO!" & vBCrLF & "You do not neet to click OK until it is done." &_
           vbcrlf & "When the script is done, it will say DONE, YO! Check symantec.log for results."
objShell.Popup startMsg, 3
'WScript.Echo startMsg
WriteStuff.WriteLine("Starting Script, yo!" & vbcrlf)
'-------------------- Grab computer names from Computer.txt and store in array ----------------
strComputers = ""
On Error Resume Next
'Initialize global constants and variables.
g_strHostFile = "computers.txt"
'Read computer names for install from text file.
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(g_strHostFile) Then
  Set objTextStream = objFSO.OpenTextFile(g_strHostFile, FOR_READING)
  WScript.Echo "ERROR: Input file " & g_strHostFile & " not found."
End If
'Loop through list of computers and perform tasks on each.
Do Until objTextStream.AtEndOfStream
  readingInComputer= objTextStream.ReadLine
'  Wscript.Echo VbCrLf & readingInComputer 
 strComputers = strComputers + readingInComputer +","
arrComputers = Split(strComputers , ",")
'----------------------------- Symnantec Piece---------------------------------
'Pre condition:  arrComputers must be populated from Computer.txt
'------- Insert all Available Keys Here-------------------
Dim strSymantecKeys
Const HKEY_LOCAL_MACHINE = &H80000002
arrSymantecKeys = Split(strSymantecKeys, ",")
For Each strComputer in arrComputers
On Error Resume Next
       '---- If computername is blank then exit loop ---
        If strComputer = "" Then 
           exit for
        End If
 '----------- Set Uninstall Password & LockUnloadSvcs Registry Key Values-------
 Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
 'objShell.Popup "Error = " & err.number & "!!!", 1
 ' ----If getObject fails, server is offline or doesn't exist -------------
 If err.number <> 0 then
        objShell.Popup "ERROR: "& strComputer & " is offline or access is denied", 1
      'wscript.echo "ERROR: "& strComputer & " is offline or access is denied"
      'write to log file
      WriteStuff.WriteLine(timeStamp & "  " & strComputer & " - ERROR! It is offline or doesn't exist.")
      On Error GoTo 0 
 '------ Else GO ahead and remove Registry Keys ---------------------
   On Error GoTo 0 
'   strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security"
'   ValueName = "LockUnloadServices" 
'   objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue
'   If strValue<>0 Then
'      objReg.setDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
      'WScript.Echo strComputer & ": LockUnloadServices set to: " & strValue
'   End If
'   ValueName = "UseVPUninstallPassword" 
'   objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue
'   If strValue<>0 Then
'     objReg.setDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
     'WScript.Echo strComputer & ": UninstallPW set to: " & strValue
'   End If
   '----- Run MSIEXEC to remove Symantec -------------
  For Each strSymantecKey in arrSymantecKeys
      'objshell.run "c:\pstools\psexec \\" & strComputer & " MsiExec.exe /norestart /q 
      objShell.run "c:\pstools\psexec \\" & strComputer & " MsiExec.exe /norestart /q /x " & strSymantecKey & " REMOVE=ALL", 8, true
  'Print to log file
   WriteStuff.WriteLine(timeStamp & " - " & strComputer & " - Symantec Removed.")
  'objShell.Popup strComputer & " - Symantec Removed", 1
  'WScript.Echo strComputer & " - Symantec Removed"
 End If
SET objReg=Nothing
'Write to log file and close it
WriteStuff.WriteLine(vbcrlf & "Script is Done, yo!")
SET WriteStuff = NOTHING
SET objShell = NOTHING
'Let user know the script is done!
WScript.Echo "SCRIPT IS DONE, YO!!!"

Open in new window

  • 4
1 Solution
mark_randolphAuthor Commented:
Can anyone help?
Are you sure there are'nt firewalls enabled on those machines? They can be blocking your requests.

We for our company decided to disable all internally firewalls on all computers (only virus scanning) and put a expensive firewall in front of our proxy server.
mark_randolphAuthor Commented:
I did find a TECHNET article that delt with a group policy that allow a GPO to disable and I did that to well hopefully works.
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

mark_randolphAuthor Commented:
All the computers were locked down, the administrative shares were disabled so no extenal commands could be executed. I refined the script, and completed the task. Interesting to disable the internal firewalls on all the PC's. I don't think that we will do such a thing. Too risky...
But thanks to all those that added there two cents.
mark_randolphAuthor Commented:
The solution was that the windows 2000 machine and the GPO where not adjusted right. Meaning back before the GPO was the way to modify nedworks the Administrators at the time constructed local policy's. They really messed with operation and ease of handling.
Modify GPO
Remove Local policy
and added a script to place the local shares back on the window 2000 machines
PAQed with points refunded (500)

EE Admin
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now