
Domain in Distress - Have little control over computers

Posted on 2008-06-20
Medium Priority
Last Modified: 2013-12-09
On this Domain, every time I try to access a computer it either tells me that I have no access, or it's not turned on. They are turned on.
I have modified the Domain Computers to allow for Domain Admins to pass through. But I may have to further modify that to all OUs.
I try to execute a script and it just doesn't work.

Part one - Goes through and modifies the registry and changes the locks on the Symantec AntiVirus software in order to be uninstalled.

Part two - Goes through and uninstalls the software.

My problem is that the admin$ which accesses these tools in order to remove Symantec is missing on most of the computers.
It seems that the IT personnel before me didn't want admins to access or be able to remote into the users' computers. So they modified the computers in order to prevent remote access.
We have to access computers via VNC, which uses the Explorer GUI interface and requests permission. OK, that works, but the normal Windows remote stuff doesn't.

Here is what I can do:

1. I can remote into the registry
2. I can remote into the computer manager which gives me access to many things.
    a.  Shares - or to look at shares
    b. Services
    c. Event Logs

I see that the ADMIN$ is missing on all the computers, and I found this article below -

Has anyone ever tangled with something like this before?

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows

To verify whether a computer is affected by this issue, follow these steps:

1. Examine the AutoShareServer and AutoShareWks registry values to make sure that they are not set to 0:
    a. Click Start, click Run, type regedit, and then press ENTER.
    b. Locate and then click the following registry sub-key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
    c. If the AutoShareServer and AutoShareWks DWORD values in the LanmanServer\Parameters sub-key are configured with a value data of 0, change that value to 1.
       Note: If these values do not exist, you do not have to create them because the default behavior is to automatically create the administrative shares.
    d. Quit Registry Editor.
2. Restart the computer. Typically, computers that are running Windows Server 2003, Windows XP, Windows 2000, or Windows NT 4.0 automatically create the administrative shares during startup.
3. After the computer restarts, verify that the administrative shares are active. To examine the shares, use the net share command. To do this, follow these steps:
    a. Click Start, click Run, type cmd, and then press ENTER.
    b. At the command prompt, type net share, and then press ENTER.
    c. Look for the Admin$, C$, and IPC$ administrative shares in the list of shares.

'Remove Symantec Remotely and Silently
'Results are stored in a log file: symantec.log
'--------------- Create Log File ----------------
'Open up the path to save the information into a text file
Dim Stuff, myFSO, WriteStuff, timeStamp
timeStamp = Time()
Set myFSO = CreateObject("Scripting.FileSystemObject")
Set WriteStuff = myFSO.OpenTextFile("symantec.log", 2, True)
Dim objShell: Set objShell=CreateObject("Wscript.Shell")
Dim startMsg
startMsg = "STARTING SCRIPT, YO!" & vBCrLF & "You do not need to click OK until it is done." &_
           vbcrlf & "When the script is done, it will say DONE, YO! Check symantec.log for results."
objShell.Popup startMsg, 3
'WScript.Echo startMsg
WriteStuff.WriteLine("Starting Script, yo!" & vbcrlf)
'-------------------- Grab computer names from Computer.txt and store in array ----------------
strComputers = ""
On Error Resume Next
'Initialize global constants and variables.
Const FOR_READING = 1   'iomode for OpenTextFile; it was never defined in the original
g_strHostFile = "computers.txt"
'Read computer names for install from text file.
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(g_strHostFile) Then
  Set objTextStream = objFSO.OpenTextFile(g_strHostFile, FOR_READING)
Else
  'Without the input file there is nothing to do, so stop here.
  WScript.Echo "ERROR: Input file " & g_strHostFile & " not found."
  WScript.Quit 1
End If
'Loop through list of computers and perform tasks on each.
Do Until objTextStream.AtEndOfStream
  readingInComputer = objTextStream.ReadLine
'  Wscript.Echo VbCrLf & readingInComputer
  strComputers = strComputers & readingInComputer & ","
Loop
objTextStream.Close
arrComputers = Split(strComputers, ",")
'----------------------------- Symantec Piece---------------------------------
'Pre condition:  arrComputers must be populated from Computer.txt
'------- Insert all Available Keys Here-------------------
Dim strSymantecKeys
Const HKEY_LOCAL_MACHINE = &H80000002
arrSymantecKeys = Split(strSymantecKeys, ",")
For Each strComputer in arrComputers
On Error Resume Next
       '---- If computername is blank then exit loop ---
        If strComputer = "" Then 
           exit for
        End If
 '----------- Set Uninstall Password & LockUnloadSvcs Registry Key Values-------
 Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
 'objShell.Popup "Error = " & err.number & "!!!", 1
 ' ----If getObject fails, server is offline or doesn't exist -------------
 If err.number <> 0 then
        objShell.Popup "ERROR: "& strComputer & " is offline or access is denied", 1
      'wscript.echo "ERROR: "& strComputer & " is offline or access is denied"
      'write to log file
      WriteStuff.WriteLine(timeStamp & "  " & strComputer & " - ERROR! It is offline or doesn't exist.")
      On Error GoTo 0
 '------ Else GO ahead and remove Registry Keys ---------------------
 Else
   On Error GoTo 0
'   strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security"
'   ValueName = "LockUnloadServices" 
'   objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue
'   If strValue<>0 Then
'      objReg.setDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
      'WScript.Echo strComputer & ": LockUnloadServices set to: " & strValue
'   End If
'   ValueName = "UseVPUninstallPassword" 
'   objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, strValue
'   If strValue<>0 Then
'     objReg.setDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, 1
     'WScript.Echo strComputer & ": UninstallPW set to: " & strValue
'   End If
   '----- Run MSIEXEC to remove Symantec -------------
  For Each strSymantecKey in arrSymantecKeys
      'objshell.run "c:\pstools\psexec \\" & strComputer & " MsiExec.exe /norestart /q 
      objShell.run "c:\pstools\psexec \\" & strComputer & " MsiExec.exe /norestart /q /x " & strSymantecKey & " REMOVE=ALL", 8, true
  Next 'strSymantecKey
  'Print to log file
   WriteStuff.WriteLine(timeStamp & " - " & strComputer & " - Symantec Removed.")
  'objShell.Popup strComputer & " - Symantec Removed", 1
  'WScript.Echo strComputer & " - Symantec Removed"
 End If
 SET objReg=Nothing
Next 'strComputer
'Write to log file and close it
WriteStuff.WriteLine(vbcrlf & "Script is Done, yo!")
WriteStuff.Close
SET WriteStuff = NOTHING
SET objShell = NOTHING
'Let user know the script is done!
WScript.Echo "SCRIPT IS DONE, YO!!!"

Question by:mark_randolph
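
The KB verification steps quoted in the question can be run across the whole host list instead of one machine at a time. The following is an added example, not part of the original post or the Microsoft article: it assumes Windows PowerShell 5.1 (for Get-WmiObject), WMI reachable on the targets with an admin account, and the same computers.txt the poster's script reads; the function names and the output file adminshare-audit.csv are hypothetical.

```powershell
# Added example: read-only audit; it changes nothing on the remote machines.
# Assumes Windows PowerShell 5.1 (Get-WmiObject), WMI reachable, admin rights.
$HKLM    = [uint32]2147483650   # HKEY_LOCAL_MACHINE (&H80000002)
$KeyPath = 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-AutoShareValue {
    param($Reg, [string]$Name)
    $r = $Reg.GetDWORDValue($HKLM, $KeyPath, $Name)
    # ReturnValue 0 means the value exists; otherwise it is absent, which the
    # KB text says is fine because the default is to create the shares.
    if ($r.ReturnValue -eq 0) { $r.uValue } else { 'not set' }
}

function Test-AdminShare {
    param([string]$Computer)
    $row = [ordered]@{ Computer = $Computer; AutoShareServer = ''; AutoShareWks = ''
                       AdminShare = ''; DisabledByRegistry = ''; Error = '' }
    try {
        # Same remote registry provider the poster's script binds to.
        $reg = [wmiclass]"\\$Computer\root\default:StdRegProv"
        $row.AutoShareServer = Get-AutoShareValue $reg 'AutoShareServer'
        $row.AutoShareWks    = Get-AutoShareValue $reg 'AutoShareWks'
        # Equivalent of looking for Admin$ in the "net share" output.
        $shares = Get-WmiObject -Class Win32_Share -ComputerName $Computer -ErrorAction Stop
        $row.AdminShare = @($shares | ForEach-Object { $_.Name }) -contains 'ADMIN$'
        $row.DisabledByRegistry = ($row.AutoShareServer -eq 0) -or ($row.AutoShareWks -eq 0)
    } catch {
        # Offline host, access denied, or WMI blocked: record it instead of stopping.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

# computers.txt: one host name per line
Get-Content 'computers.txt' |
    Where-Object { $_.Trim() } |
    ForEach-Object { Test-AdminShare $_.Trim() } |
    Export-Csv 'adminshare-audit.csv' -NoTypeInformation
```

Rows where DisabledByRegistry is False but AdminShare is also False point to something other than the AutoShare values removing the share, such as a local policy or logon script.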

Author Comment

ID: 21830912
Can anyone help?

Expert Comment

ID: 21830994
Are you sure there aren't firewalls enabled on those machines? They can be blocking your requests.

We, for our company, decided to disable all internal firewalls on all computers (only virus scanning) and put an expensive firewall in front of our proxy server.

Author Comment

ID: 21836139
I did find a TechNet article that dealt with a group policy that allows a GPO to disable, and I did that too; well, hopefully it works.

Author Comment

ID: 22012176
All the computers were locked down, the administrative shares were disabled so no external commands could be executed. I refined the script, and completed the task. Interesting to disable the internal firewalls on all the PCs. I don't think that we will do such a thing. Too risky...
But thanks to all those that added their two cents.

Author Comment

ID: 22326973
The solution was that the Windows 2000 machine and the GPO were not adjusted right. Meaning, back before the GPO was the way to modify networks, the administrators at the time constructed local policies. They really messed with operation and ease of handling.
Modify GPO
Remove Local policy
and added a script to place the local shares back on the Windows 2000 machines

Accepted Solution

Computer101 earned 0 total points
ID: 22444435
PAQed with points refunded (500)

EE Admin
