Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How can I access my  Windows 7 to Windows 8 upgraded machines

Posted on 2013-12-28
21
582 Views
Last Modified: 2014-01-23
Good evening  Experts,

I have just completed an inplace upgrade of 24 Windows 7 Pro Machines to Windows 8.1. I love the look and feel of 8.1 but I have lost functionality in terms of my scripts because several components were reverted back to their original state they would have been in with Windows 7. Allow me to elucidate with screen shots and easier explanations.

For me to have complete access to all of my machines in Windows 7 I had to perform the following task manually:

1. Firewall Off

!

2. Sharing Options and Network Disovery Turned On

!

3. Additional Settings With Boxes Checked (Reaaaally Necessary)

!

4. Allow Remote Connections

!

5. Allow Access to Admin Shares Via Registry

!

I am not worred about item 5 as I have a script that simply works. However, I don't want to go touch every machine that I upgraded and reset those settings.

What I am asking is for you experts to look a the first four items and suggest to me ways of  programmatically , turn off the firewall, turn on network discovery, turn on file and print sharing, turn on sharing so anyone with network access can read and write files in the public folders, Turn off password protected sharing, use user accounts and passwords to connect to other computers.

I would prefer solutions with a combination of vbscript, Wmi, Wsh, and registry coding, as these are my strong suits.
0
Comment
Question by:BLACK THANOS
21 Comments
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 39744305
Use group policy:
http://www.windowsecurity.com/articles-tutorials/Windows_Server_2012_Security/group-policy-changes-windows-server-2012-windows-8-window-rt-part1.html
Example for RDP: HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp

Hope that helps,
Olaf
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39744666
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39744918
Hi.

I saw your question about upgrade options (keep applications - possible?). I am afraid you relied on the wrong advice - not only your settings have vanished, but also all installed applications - see my comment on your other thread.

So this might stop this thread right here: do you want to continue or isn't it better to return to your (hopefully present) win7 backup to perform another upgrade (this time correct: win7->win8->8.1) and keep your applications?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:BLACK THANOS
ID: 39745485
McKnife,
I knew I would lose the applications. I am not concerned about that. I am concerned only with a solution to changing the aforementioned settings programmatically. I already have a way to re-install all applications within minutes, i.e. , manage engine.

to be clear, I either want registry solutions to change the settings or some combination of wmi, vbs, or wsh.

respectfully,
Regis Hyde
0
 

Author Comment

by:BLACK THANOS
ID: 39745487
Also,

I am not using group policy because my network is purely peer to peer (Workgroup).
0
 

Author Comment

by:BLACK THANOS
ID: 39745494
Experts,

My goal is not to touch each machine manually, but to programmatically change the settings above via the programing tools I  mentioned above. I simply want to at my desktop and program a way to get into those machines. Right now I cant, unless I get off my behind and do this all manually. Respectfully , your solutions require me to go to each machine or rdp into them. That defeats the purpose of what I am trying to accomplish. Keep in mind , before I upgraded the machines to windows 8.1 I had complete control via my scripts.

All the machines retained all personal files , which is a god thing ,but all of the security setting were re-established. I should have simply cloned a pristine image via clonezilla , then I would not be in this predicament.

I only need solutions where I don't have to get out of my seat and don't have to use RDP as my main way of  configuring each machine.

I hope I am clear on what I am in need of.

Respectfully,

Regis Hyde
0
 

Author Comment

by:BLACK THANOS
ID: 39745496
Also,

all of the machines have the same accounts, member, B&G-Admin, and Administrator.

Same password too.
0
 

Author Comment

by:BLACK THANOS
ID: 39747254
will netsh do what I want
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39748038
Regis, your question should be divided into several quetions, it is too big and means quite some effort to sort out those settings/scripts.
It would be very helpful if you would show where you stand, what your scripting abilities are, what steps you need help with. So far it is not clear whether you need help or whether you see this as some kind of paid service that will do the whole work for you. I don't hope so ;)

netsh can configure the firewall per network profile, yes. Also look into the tool regshot in order to create a before-after comparison of the registry.
Happy new year, later on!
0
 

Author Comment

by:BLACK THANOS
ID: 39749210
Respectfully Mcnife,

I take your advice to heart, but it really is only one question and that is how do  I programmatically check or uncheck those boxes. That's it. Nothing more. it doesn't require breaking it up into several questions. To your point about having someone do the work for me , that is not now , nor has it ever been the case in the years I have been with experts exchange. netsh is a wonderful tool to enable or disable the firewall, but I was only using that as an example ( a bad one albeit) .

For clarity , I only want to be able to check or uncheck the radial buttons above programmatically or with the registry . Done.

Happy New Year,
Don't consume too much eggnog.
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 250 total points
ID: 39749728
First, use psexec comes with pstools from microsoft so that you can run the scripts from the centralized location, may be your system. The only condition would be, if you don't have the same password for all the systems you would need type that for each system.

http://technet.microsoft.com/en-in/sysinternals/bb897553
http://download.sysinternals.com/files/PSTools.zip

As per my knowledge most of the this could be accomplished by the scripts or registry changes.

Remote Desktop:
We can enable remote desktop from windows command line by running the following command.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

Open in new window


Disable Firewall on All the Profiles:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile/EnableFirewall /d 0x0
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile/EnableFirewall /d 0x0
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile/EnableFirewall /d 0x0

Open in new window


Allow Access to Admin Shares Via Registry:
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccoundTokemFilterPolicy /t REG_DWORD /d 1 /f

Open in new window


Copy all the registry into one bat files and execute it from your system on to the remote computers.

If you need more help running psexec let us know.

Sudeep
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 39751336
Sudeep's advice is correct.
This leaves us with just No. 2 and 3 unsolved.
Have you taken my advice and used regshot yet? It will show you the settings for 2 and 3.
Some will be hard to identify because the firewall settings (yes, netw. discovery and others are firewall settings) are always saved as a whole. Just the sharing security (128 bit) will be easily identified and distributable:
--
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:20000000
"NtlmMinServerSec"=dword:20000000
--
To get hold of the firewall settings, I would tune it on one computer to your likings and then export the whole fw settings from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules to a regfile and then (with psexec again) import it using
regedit /s regfile.reg
0
 

Author Comment

by:BLACK THANOS
ID: 39755112
All,

Thank you for the information above. To be clear , psexec has always been my tool of choice in conjunction with vbscript, shell programming  and registry settings. However, I have a entirely different way of modifying the registry that is tried and true , so I am going to try your wonderful suggestions and get back to you when my testing is done. Hopefully no more than a day or two.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39756110
Ok.

To be nosey: how do you modify the registry?
0
 

Author Comment

by:BLACK THANOS
ID: 39772601
Good afternoon  MckNife,

I use wmi. Very intuitive and easy to use. I have modified literally hundreds of machines using wmi in concert with vbscript.

Example:

Const HKEY_LOCAL_MACHINE = &H80000002
Const MAXIMIZE_WINDOW = 0
Set objShell = WScript.CreateObject("WScript.Shell")
Computers = Array("wks-wnxp-01916")
Set objSWbemLocator = CreateObject _
("WbemScripting.SWbemLocator")
On Error Resume Next
For Each Computer In Computers

Set oReg = objSWbemLocator.ConnectServer _
(Computer, "root\default:StdRegProv","ADMINISTRATOR", "#@BtOp&vice")
Set StdRegProv = oReg.Get("StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"
strEntryName = "LocalAccountTokenFilterPolicy"
dwValue = 1
StdRegProv.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strEntryName,dwValue
Next
 

Open in new window


I wrap it in a encrypted executable and use the array function to perform registry task on any number of machines.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39773150
Ok, an encrypted because you store the password in the script? It gets decrypted on execution to the users temp-folder I guess. Normally that is the case.

How is the testing going?
0
 

Author Comment

by:BLACK THANOS
ID: 39795842
Gentlemen,
I have been out of commission with the flu. which is extremely bad for my condition, but I am back among the living ,so I will finish my testing this week and allocate the points accordingly.
0
 

Author Comment

by:BLACK THANOS
ID: 39804625
Testing completed. I will now allocate the points. You experts are always coming through for me.
0
 

Author Closing Comment

by:BLACK THANOS
ID: 39804629
Thanks Experts
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question