Thread ID: 113319 2010-10-14 03:07:00 Remotely remove programs from PCs on domain, non-interactively? Chilling_Silence (9) Press F1
Post ID Timestamp Content User
1144691 2010-10-14 19:17:00 You can make modifications to any Windows XP or Windows7/Vista OS to allow multi session, out of the box definitely not.

Yes, I did so recently with Vista Premium with a staff member's home PC, they wanted remote desktop. It did work to a point, but the hack doesn't change the registry for multi user hive and keys and therefore isn't as stable, certainly not a business production solution and most certainly not supported by MS.
SolMiester (139)
1144692 2010-10-14 20:48:00 Yeah I've gotta wonder about the legalities of it, that's my issue now I guess :(

Found which bytes to patch in the termsrv.dll file, did that, made a couple of registry changes on a test machine and pushed out the dll. It let me login remotely via RDP which would disconnect the user from their session on the console, which I guess is ideal. Means that the user wouldn't have to shut down all their work / email / documents / browsers etc, and I could login as an administrative user, do my thing, then they log back in.

Thing is with VNC right now, if they were clever, they'd just yank the cable outta the back of the PC while we're logged in as an administrative user. Nothing we can do to prevent that, and it means if they plug in their machine an hour or two later when we're off having lunch / coffee, they've got access to do whatever the hell they like ... So yeah, RDP certainly seems like the more appropriate way to go ;)
Chilling_Silence (9)
1144693 2010-10-14 21:15:00 Yeah I've gotta wonder about the legalities of it, that's my issue now I guess :(

Found which bytes to patch in the termsrv.dll file, did that, made a couple of registry changes on a test machine and pushed out the dll. It let me login remotely via RDP which would disconnect the user from their session on the console, which I guess is ideal. Means that the user wouldn't have to shut down all their work / email / documents / browsers etc, and I could login as an administrative user, do my thing, then they log back in.

Thing is with VNC right now, if they were clever, they'd just yank the cable outta the back of the PC while we're logged in as an administrative user. Nothing we can do to prevent that, and it means if they plug in their machine an hour or two later when we're off having lunch / coffee, they've got access to do whatever the hell they like ... So yeah, RDP certainly seems like the more appropriate way to go ;)

Yeah, but if they have limited access, any work you do will be run as administrator, so they can't undo the work anyway. I don't use VNC that much, is there not a setting which blanks for local user while you are connected?
SolMiester (139)
1144694 2010-10-14 21:46:00 Yeah but we have to log them out in order to login as Administrator and access the Control Panel --> Add / Remove Programs. So, if they pull the LAN cable while we're logged in as Administrator, that releases the "block local input" restriction and they're free to do as they like :D Chilling_Silence (9)
1144695 2010-10-14 22:00:00 Yeah but we have to log them out in order to login as Administrator and access the Control Panel --> Add / Remove Programs. So, if they pull the LAN cable while we're logged in as Administrator, that releases the "block local input" restriction and they're free to do as they like :D

OMG, you have users that would pull the LAN cable?....LMAO....Not sure how to reply to that.....To what end, if they plug it back in, you could easily throw them off the network, you just fire their sorry ass!
SolMiester (139)
1144696 2010-10-14 22:11:00 Yeah I know it's not likely, but it's still a security issue nonetheless ;)

Plausible, not probable...
Chilling_Silence (9)
1144697 2010-10-14 22:56:00 Yeah I know it's not likely, but it's still a security issue nonetheless ;)

Plausible, not probable...

I'm actually CNE for Novell, well, I was about 8 yrs ago. Back then we had DNS (original AD) and a great app called ZEN (Zero Effort Networking). From within NDS you could create deliverable apps which you could simply associate with various users\groups, they would refresh the delivery shell and hey presto, new app, double click and it installs the file and reg setting etc, all from the IT helpdesk. As we didn't use domains, the local administrator account logged in with the Novell client and we control the NT right and control panel etc thru ZEN....
In all my time with AD since, I have yet to come across such a great tool for networks....
SolMiester (139)
1144698 2010-10-15 00:04:00 Ghost Corporate was able to do stuff like that. I used it when I was working at PCWorld some 8 years ago now in a trial / testing phase, though I'm not sure it was ever commissioned.

It was great, it would snap-shot your PC and the files / registry, and allow you to do remote deployment by simply assigning a whole lot of groups to the PC within its own admin utility. Didn't require you to touch the machine, ever, you could deploy the tiny 'agent' remotely as well.
Best part was it packaged everything as standalone .exe files which could manually be copied / run anywhere if you so-desired. They could also be removed remotely too... Completely non-interactively!

It was so freakin cool!!
Chilling_Silence (9)
1144699 2010-10-15 00:08:00 Ghost Corporate was able to do stuff like that. I used it when I was working at PCWorld some 8 years ago now in a trial / testing phase, though I'm not sure it was ever commissioned.

It was great, it would snap-shot your PC and the files / registry, and allow you to do remote deployment by simply assigning a whole lot of groups to the PC within its own admin utility. Didn't require you to touch the machine, ever, you could deploy the tiny 'agent' remotely as well.
Best part was it packaged everything as standalone .exe files which could manually be copied / run anywhere if you so-desired. They could also be removed remotely too... Completely non-interactively!

It was so freakin cool!!

Yes, ZEN did exactly that back in 98..very cool product....AD is a very poor substitute!
SolMiester (139)
1144700 2010-10-15 00:43:00 Indeed :( Chilling_Silence (9)