Managing 2000 PCs without Active Directory

  • Question

  • We don't have any installation of Active Directory and Workgroup etc. We have deployed a helpdesk software solution which uses agent based scanning (agents deployed on clients) for inventory collection and remote control of the client from the central helpdesk. Since the environment does not have an Active Directory installation, any updates to the agents are not possible without a physical visit to the client. Also any installation of fonts etc is not currently possible without a physical visit. Further, the helpdesk software has a feature for remote control of the client using the agent installed on the clients, but all these features require installation of an active directory or administrative privileges on the client PCs.

    All the users in our environment are mainly using the account with Administrative privileges to login locally and use the PCs (either built in administrator account or a separate administrator privilege account). They are also allowed to change the password of their Administrator accounts being used by them. In view of this fact it is felt that this main administrator account cannot be reliably used for accessing the PCs remotely from the Helpdesk software or to deploy the fonts, patches etc as elaborated above. Hence it is proposed to create another hidden administrator account with a common name and password across all the PCs, which will then be used to access the PCs remotely by the helpdesk software remote control etc. To avoid confusion among the users the account used for our purpose shall be kept hidden.

    Deploying Active Directory would basically require to instil some IT discipline among the users and management capabilities which may not be feasible in the current scenario immediately. Till then we have to plan and fulfil the below mentioned objectives without an Active Directory.

    1. Implementing the Remote Control and Agent Solution of the Helpdesk Software. The agent also does the job of inventory collection of networked PCs. The inventory collection with the present agent does not require Administrator password or AD.

    2. Implementing the Fonts and general Software Deployment solution.

    3. Implementing the Windows Update/ Patch Management solution through WSUS or otherwise.

    4. Is there any free third party tool which can help achieve the objectives.

    5. Is it possible to get a batch file or script which would automate the task of hiding one account with administrative privileges on a large number of computers so that it does not appear on the logon screen. However it should be possible to remotely login to the computer using the same login account and push patches and updates.

    6. It is worth noting that out of a large number of computers, some have Windows XP, some have Vista, while others have Windows 7 loaded on them. So the batch file or script proposed should be able to work on all the three operating systems. If separate batch files/ script are required for different operating systems then all the scripts / batch files may be advised.


    In this regard and above requirements, kindly advise on the feasibility and suitability of the following:

    1. Is it recommended to create hidden user Account with Administrative privileges on each of the 1500 PCs. The user account name and password shall be same/common to all the 1500 PCs. However the user account should not be visible on the logon screen of Windows.

    2. Use the common Administrative privileges account to push patches and use Windows Update/ WSUS etc or to push any other software update, fonts, agent update etc.

    3. Is there any free third party tool which can help achieve the objectives.

    4. Is it possible to get a batch file or script which would automate the task of hiding one account with administrative privileges on a large number of computers so that it does not appear on the logon screen. However it should be possible to remotely login to the computer using the same login account and push patches and updates.

    5. Is there any other alternative method or solution available to achieve the above objectives.

    6. It is worth noting that out of a large number of computers, some have Windows XP, some have Vista, while others have Windows 7 loaded on them. So the batch file or script proposed should be able to work on all the three operating systems. If separate batch files/ script are required for different operating systems then all the scripts / batch files may be advised.


    I would request for suggestions on implementing the above, till the AD environment is put in place.

    Monday, July 11, 2011 7:33 AM

Answers

  • Refer to your other thread: http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/a32f20af-8a4e-4084-a9c4-5bcaa6ec717f/

     


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    • Marked as answer by Kevin Remde Monday, November 14, 2011 11:41 AM
    Monday, July 11, 2011 1:26 PM