Solved

How can I access my  Windows 7 to Windows 8 upgraded machines

Posted on 2013-12-28
21
575 Views
Last Modified: 2014-01-23
Good evening  Experts,

I have just completed an inplace upgrade of 24 Windows 7 Pro Machines to Windows 8.1. I love the look and feel of 8.1 but I have lost functionality in terms of my scripts because several components were reverted back to their original state they would have been in with Windows 7. Allow me to elucidate with screen shots and easier explanations.

For me to have complete access to all of my machines in Windows 7 I had to perform the following task manually:

1. Firewall Off

!

2. Sharing Options and Network Disovery Turned On

!

3. Additional Settings With Boxes Checked (Reaaaally Necessary)

!

4. Allow Remote Connections

!

5. Allow Access to Admin Shares Via Registry

!

I am not worred about item 5 as I have a script that simply works. However, I don't want to go touch every machine that I upgraded and reset those settings.

What I am asking is for you experts to look a the first four items and suggest to me ways of  programmatically , turn off the firewall, turn on network discovery, turn on file and print sharing, turn on sharing so anyone with network access can read and write files in the public folders, Turn off password protected sharing, use user accounts and passwords to connect to other computers.

I would prefer solutions with a combination of vbscript, Wmi, Wsh, and registry coding, as these are my strong suits.
0
Comment
Question by:BLACK THANOS
21 Comments
 
LVL 22

Expert Comment

by:Olaf De Ceuster
Comment Utility
Use group policy:
http://www.windowsecurity.com/articles-tutorials/Windows_Server_2012_Security/group-policy-changes-windows-server-2012-windows-8-window-rt-part1.html
Example for RDP: HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp

Hope that helps,
Olaf
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
Comment Utility
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Hi.

I saw your question about upgrade options (keep applications - possible?). I am afraid you relied on the wrong advice - not only your settings have vanished, but also all installed applications - see my comment on your other thread.

So this might stop this thread right here: do you want to continue or isn't it better to return to your (hopefully present) win7 backup to perform another upgrade (this time correct: win7->win8->8.1) and keep your applications?
0
 

Author Comment

by:BLACK THANOS
Comment Utility
McKnife,
I knew I would lose the applications. I am not concerned about that. I am concerned only with a solution to changing the aforementioned settings programmatically. I already have a way to re-install all applications within minutes, i.e. , manage engine.

to be clear, I either want registry solutions to change the settings or some combination of wmi, vbs, or wsh.

respectfully,
Regis Hyde
0
 

Author Comment

by:BLACK THANOS
Comment Utility
Also,

I am not using group policy because my network is purely peer to peer (Workgroup).
0
 

Author Comment

by:BLACK THANOS
Comment Utility
Experts,

My goal is not to touch each machine manually, but to programmatically change the settings above via the programing tools I  mentioned above. I simply want to at my desktop and program a way to get into those machines. Right now I cant, unless I get off my behind and do this all manually. Respectfully , your solutions require me to go to each machine or rdp into them. That defeats the purpose of what I am trying to accomplish. Keep in mind , before I upgraded the machines to windows 8.1 I had complete control via my scripts.

All the machines retained all personal files , which is a god thing ,but all of the security setting were re-established. I should have simply cloned a pristine image via clonezilla , then I would not be in this predicament.

I only need solutions where I don't have to get out of my seat and don't have to use RDP as my main way of  configuring each machine.

I hope I am clear on what I am in need of.

Respectfully,

Regis Hyde
0
 

Author Comment

by:BLACK THANOS
Comment Utility
Also,

all of the machines have the same accounts, member, B&G-Admin, and Administrator.

Same password too.
0
 

Author Comment

by:BLACK THANOS
Comment Utility
will netsh do what I want
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Regis, your question should be divided into several quetions, it is too big and means quite some effort to sort out those settings/scripts.
It would be very helpful if you would show where you stand, what your scripting abilities are, what steps you need help with. So far it is not clear whether you need help or whether you see this as some kind of paid service that will do the whole work for you. I don't hope so ;)

netsh can configure the firewall per network profile, yes. Also look into the tool regshot in order to create a before-after comparison of the registry.
Happy new year, later on!
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:BLACK THANOS
Comment Utility
Respectfully Mcnife,

I take your advice to heart, but it really is only one question and that is how do  I programmatically check or uncheck those boxes. That's it. Nothing more. it doesn't require breaking it up into several questions. To your point about having someone do the work for me , that is not now , nor has it ever been the case in the years I have been with experts exchange. netsh is a wonderful tool to enable or disable the firewall, but I was only using that as an example ( a bad one albeit) .

For clarity , I only want to be able to check or uncheck the radial buttons above programmatically or with the registry . Done.

Happy New Year,
Don't consume too much eggnog.
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 250 total points
Comment Utility
First, use psexec comes with pstools from microsoft so that you can run the scripts from the centralized location, may be your system. The only condition would be, if you don't have the same password for all the systems you would need type that for each system.

http://technet.microsoft.com/en-in/sysinternals/bb897553
http://download.sysinternals.com/files/PSTools.zip

As per my knowledge most of the this could be accomplished by the scripts or registry changes.

Remote Desktop:
We can enable remote desktop from windows command line by running the following command.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

Open in new window


Disable Firewall on All the Profiles:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile/EnableFirewall /d 0x0
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile/EnableFirewall /d 0x0
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile/EnableFirewall /d 0x0

Open in new window


Allow Access to Admin Shares Via Registry:
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccoundTokemFilterPolicy /t REG_DWORD /d 1 /f

Open in new window


Copy all the registry into one bat files and execute it from your system on to the remote computers.

If you need more help running psexec let us know.

Sudeep
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
Comment Utility
Sudeep's advice is correct.
This leaves us with just No. 2 and 3 unsolved.
Have you taken my advice and used regshot yet? It will show you the settings for 2 and 3.
Some will be hard to identify because the firewall settings (yes, netw. discovery and others are firewall settings) are always saved as a whole. Just the sharing security (128 bit) will be easily identified and distributable:
--
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:20000000
"NtlmMinServerSec"=dword:20000000
--
To get hold of the firewall settings, I would tune it on one computer to your likings and then export the whole fw settings from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules to a regfile and then (with psexec again) import it using
regedit /s regfile.reg
0
 

Author Comment

by:BLACK THANOS
Comment Utility
All,

Thank you for the information above. To be clear , psexec has always been my tool of choice in conjunction with vbscript, shell programming  and registry settings. However, I have a entirely different way of modifying the registry that is tried and true , so I am going to try your wonderful suggestions and get back to you when my testing is done. Hopefully no more than a day or two.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Ok.

To be nosey: how do you modify the registry?
0
 

Author Comment

by:BLACK THANOS
Comment Utility
Good afternoon  MckNife,

I use wmi. Very intuitive and easy to use. I have modified literally hundreds of machines using wmi in concert with vbscript.

Example:

Const HKEY_LOCAL_MACHINE = &H80000002
Const MAXIMIZE_WINDOW = 0
Set objShell = WScript.CreateObject("WScript.Shell")
Computers = Array("wks-wnxp-01916")
Set objSWbemLocator = CreateObject _
("WbemScripting.SWbemLocator")
On Error Resume Next
For Each Computer In Computers

Set oReg = objSWbemLocator.ConnectServer _
(Computer, "root\default:StdRegProv","ADMINISTRATOR", "#@BtOp&vice")
Set StdRegProv = oReg.Get("StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"
strEntryName = "LocalAccountTokenFilterPolicy"
dwValue = 1
StdRegProv.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strEntryName,dwValue
Next
 

Open in new window


I wrap it in a encrypted executable and use the array function to perform registry task on any number of machines.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Ok, an encrypted because you store the password in the script? It gets decrypted on execution to the users temp-folder I guess. Normally that is the case.

How is the testing going?
0
 

Author Comment

by:BLACK THANOS
Comment Utility
Gentlemen,
I have been out of commission with the flu. which is extremely bad for my condition, but I am back among the living ,so I will finish my testing this week and allocate the points accordingly.
0
 

Author Comment

by:BLACK THANOS
Comment Utility
Testing completed. I will now allocate the points. You experts are always coming through for me.
0
 

Author Closing Comment

by:BLACK THANOS
Comment Utility
Thanks Experts
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now