Remote Computer Management Using Local Admin Credentials?

Similar Messages

• How to Reset Password of User while not connected to Domain using Local Admin Account

  How to Reset Password of User while not connected to the Domain using Local Admin Account
  (I have the use of a local admin account), and I want to help a user reset their password who has logged in the PC and had their credentials cached, but forgot this password. 
  In Local Admin Account :
  When I go to Control Panel, users, users, manager user ; I cannot see any users in this window except the local admin account, and, so I cannot reset a user password this way.
  When I go to lusrmgr.msc, then users ; the local admin account will display only. 
  If I go to command prompt and type "net user", this will not display any users who have logged in to the computer, and so I cannot use "net user" to reset a password.
  I don't want to use any disks, 3rd party programs, or create a VPN connection to the domain.  I just want to help a user who calls in and forgets their password.

  Hello Keith,
  I know this is an old thread but I'm trying to better understand how I could change the domain password while not on the network. What I'm getting from your post is that you:
  1. Create a local user account (not a domain user)
  2. Login with that local user account
  3. Connect to the VPN while logged in as a local user
  4. Log out of the local account and login with the domain credentials
  Now, my question is based on the assumption that the password created on the local account is the same password that one will use to login to the domain account? Also, is the local user account the same as the domain account?
  Thanking you in advance!

• Computer Managed Prefs: Local Login Account Fails

  I have ann intel Mac running Tiger. It is also bound tom active directory so that network accounts can login to it. The problem is that when I use the managed computer prefs from the tiger server workgroup manager, the local account cannot login, however when I remove the computer from the list it will login the local account.
  I have deleted the account and tried a fresh one. I have reset the PRAM. HAs anyone else experienced this problem. Since I am only managing the prefs at the machine level it should not affect users accounts like this.....
  Is there a real good source for management tips using the workgroup manager....There are some issues I have with this tool and maybe I can get some more insight into how to deal with some of the holes in the system....

  Since I am only managing the prefs at the machine level it should not affect users accounts like this...
  Yes, it will.
  In WGM click the 'Preferences' icon. Click the 'Computer Group' icon (double rectangle). Click the 'Login' icon. Click 'Options'. Check the checkbox labelled, 'Local administrators may refresh or disable management'. Click 'Apply'.
  To allow your AD domain admins to administer your workstations, in Directory Utility.app click the 'Services' icon. Click on the 'Active Directory' plugin. Toggle the triangle next to 'Show Advanced Options'. Click the 'Administrative' tab. Check the 'Allow administration by:' checkbox. Add the AD admin groups that you wish to allow admin level access on your client workstations. Click 'OK'. Click 'Apply'.
  You can take a look at the two resources below on Active Directory integration and OS X client management for more information.
  Mike Bombich's, 'Leveraging Active Directory on Mac OS X':
  http://www.bombich.com/mactips/activedir.html
  John DeTroye's, 'Tips and Tricks for Macintosh Management, Leopard Edition':
  http://homepage.mac.com/johnd/.Public/tandtleo14.3.pdf

• Having trouble getting ethernet router off computer to use local wifi

  My daughters touchscreen laptop was used on an ethernet router at college.  She is now home and we use an AT&T elevate hot spot.   The laptop will not let her online due to  looking for router.  How can we get the router off and get our internet in?

  Chery,
  Welcome to the HP Community Forum.
  The following is a Guess:
  This is answer may seem counter-intuitive to your question:
  How to Assign a Static IP Address in Windows 7, 8, XP, or Vista
  The computer may be set up to use a Static IP address and / or it is set up to look for a particular Internet Service Provider -- (DNS Server), that is, the provider at the school.
  You might go in and check the Network setup.
  You may need to do this in the WiFi and Lan Network Adapter settings if such are available.
  If your computer is set up as shown in the directions in the Link -- then you want to make the following changes to remove that static IP setup and allow your computer to be "free" to select your home Wifi network.
  Local Area Connection Properties window:
  Where it suggests in the directions that you Select
  "Use the following IP address"
  and
  "Use the folling DNS Server Address"
  on your computer:
  You confirm / Select "Obtain a IP Address automatically"
  and
  You confirm / Select "Obtain DNS Server address automatically"
  ===========================================================================
  I hope this makes sense.
  Click the Kudos Thumbs-Up to show you appreciate the help.
  Click Accept as Solution when the Answer provides a Fix or Workaround!
  I am pleased to provide assistance on behalf of HP. I do not work for HP. 
  Kind Regards,
  Dragon-Fur

• Use local admin account to reset local users password?

  Everytime I logout or shut down my mac book pro running 10.7.4 I cannot login because the login "shakes" when I put in my password.  The local account, userX, is also a mobile account on my home Lion Server network.  Even why I try to go through the process of resetting my password using my appleid, the new password doesn't allow userX to logon to the machine, let alone the home network.
  Thoughts?

  did you see the link? Pertinent info therefrom:
  OS X Lion
  From the Apple menu choose System Preferences....
  From the View menu choose Users & Groups.
  Click the lock and authenticate as an administrator account.
  Click Login Options....
  Click the "Edit..." or "Join..." button at the bottom right.
  Click the "Open Directory Utility..." button.
  Click the lock in the Directory Utility window.
  Enter an administrator account name and password, then click OK.
  Choose Enable Root User from the Edit menu.
  Enter the root password you wish to use in both the Password and Verify fields, then click OK.

• Not able to login to BIP using OBIEE Admin credentials

  hi,
  I am not able to login into BI Publisher(http://<Server name>:7001/xmlpserver/) with my OBIEE Admin credentails. It throws an error "Unauthorized Access: please contact the administrator".
  I have checked in console that this Admin User has been assigned to Administrators and BIAdministrators group.
  Also I have a BISystemUser which is assigned to Administrators group.
  Don't know why it is not working as similar User and group setting onto a different server works.
  Regards,
  Bhavik

  Any suggestions would be helpful.

• WMI tasks, how to launch one .EXE using Admin credentials

  Hi there,
  My goal is just start Sql Server Management Studio using ADMIN credentials.
  This is my script:
  Dim objWMIService, objProcess, objCalc
  Dim strShell, objProgram, strComputer, strExe 
  strComputer = "."
  strExe = "Ssms.exe"
  set objWMIService = getobject("winmgmts://"_
  & strComputer & "/root/cimv2") 
  Set objProcess = objWMIService.Get("Win32_Process")
  Set objProgram = objProcess.Methods_( _
  "Create").InParameters.SpawnInstance_
  objProgram.CommandLine = strExe 
  Set strShell = objWMIService.ExecMethod( _
  "Win32_Process", "Create", objProgram) 
  WSCript.Quit 
  Thanks for any input, 

  If you want to bore yourself here are the rules.
  https://msdn.microsoft.com/en-us/library/aa826699%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
  Handling Remote Connections Under UAC
  Whether you are connecting to a remote computer in a domain or in a workgroup determines whether UAC filtering occurs.
  If your computer is part of a domain, connect to the target computer using a domain account that is in the local Administrators group of the remote computer. Then UAC access token filtering will not affect the domain accounts in the local Administrators
  group. Do not use a local, nondomain account on the remote computer, even if the account is in the Administrators group.
  In a workgroup, the account connecting to the remote computer is a local user on that computer. Even if the account is in the Administrators group, UAC filtering means that a script runs as a standard user. A best practice is to create a dedicated local
  user group or user account on the target computer specifically for remote connections.
  David Candy

• Farm Remote App 2012 R : Your system administrator does not allow the use of default credentials to log on to Work Resources

  Hi
  Here is the situation:
  I have a Farm with 3 servers W2012R2 in a Domain
  Server1                           Server 2                                  
  Server3
  RDSession Host            RDSession Host                            
  RDSession Host
  Connection Broker        Connection Broker (Passive)
  RD Web Access
  2 DNS Alias : - poc.mydomain.local (Use for the RD Web Access and points to Server1
                      -poccb.mydomain.local (Use for the Connection Broker and points to Server1)
  I have setup the Connection broker in HA with Server2 as Passive Server : DNS Round Robin poccb.mydomain.local (Server1)
  The certificate Manager has generated 2 CA certificates :
  - 1 for the RD Web Acc (poc.mydomain.local
  -1 for Connection Broker SSO and for publishing
  I have created 1 Group Policy for these 3 servers and 1 GP for my client Windows 7 SP1.
  Server GPO :
  Computer/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
  Always prompt for password upon connection=Disabled
  Require use of specific security layer for remote (RDP) connections : SSL (TLS 1.0)
  Set client connection encryption level : High Level
  Client GPO
  Computer/Administrative Templates/System/Credentials Delegation = Allow delegating default credentials (Concatenate OS defaults with input above)
  TERMSRV/POCCB.mydomain.local
  I use no Gateway and in my collection,I have activated SSL (Like in my Server GPO)
  I have now problem with SSO.
  Connection with remote desktop client with server name = poccb.mydomain.local
  Your system administrator does not allow you the use of default credentials to log on to the remote computer poccb.mydomain.local because its identity is not fully verified
  If in my client GPO I add the physical name of the 3 servers, it works :
  TERMSRV/Server1
  TERMSRV/Server2
  TERMSRV/Server3
  Open RDP Files with server name = poccb.mydomain.local
  if my connection broker connects me on Server1 , no problem
  But If I arrive on Server2 & Server 3=
  Your system administrator does not allow the use of default credentials to log on to Work Resources
  I have searched on internet. No result for " to log on to Work Resources"
  Any idea ? Thanks for your help

  Hi,
  Thank you for posting in Windows Server Forum.
  Firstly check that, your user is using domain\username to enter the credential in the dialog box.
  Now for a try, you can edit .rdp file with notepad and just place “enablecredsspsupport:i:0” line in it, save it an launch to check whether you are facing same issue.
  As you are using windows 7 then upgrade to RDP 8.1. Also as you have already enter the FQDN name of server under “Allow delegating default credentials”. For a try please enable and configure for all the remaining settings as follow and check the result.
  Start / Run / gpedit.msc / Computer Configuration / Administrative Templates / System / Credentials Delegation, and make sure you have the following four options enabled and configured:
  Allow Delegating Default Credentials with NTLM-only Server Authentication
  Allow Delegating Default Credentials
  Allow Delegating Saved Credentials
  Allow Delegating Saved Credentials with NTLM-only Server Authentication
  Finally, open a command prompt and use “gpupdate /force” command to apply the policy directly.
  More information:
  Remote desktop credentials did not work
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Write-eventlog on remote computer

  I am trying to write an event to an eventlog on a remote computer. If the user that log's in to the remote computer (using Enter-PSSession) is in the 'local administrators' group on the remote computer, I can write successfully to the remote eventlog.
  If the user is not in the 'local administrators' group on the remote computer I get the message:
  The registry key for the log "Application" for source "FTPS" could not be opened.
  I have tried the following:
  - changing permissions in the registry
  - adding the user to all other 'local' users group except the administrators group
  - enabling firewall rules "Remote Eventlog...."
  I have also tried the following command:
  write-eventlog -computername computername -logname logname -source
  source
  Again, this only works if the user that is connecting to the remote computer is an local administrator.
  Can anybody help me with this problem?
  Kind Regards,

  This is because the event log is not intended to be used for ad-hic logging.  A process must be registered for logging and it must use a source that is unique.  Admins can override this to some degree.
  The Enter-PsSession is already logged in the event log.  It will have all needed information.  It should be in the WInRM event log. YOu do not need to also write an event.
  \_(ツ)_/

• Connecting to UCS6120 from Fabric Manager using TACACS

  Standalone Fabric Manager 5.0(4a)
  UCS 1.4(3s)
  I have to log into Fabric Manager using TACACS with SNMPv3 (company network security restriction).
  I launch Fabric Manger using my TACACS account which connects to all the switches in my two fabrics using the same credentials.
  I can connect to all MDS9513, MDS9222i, IBM Bladechassis FC switch modules and all NX5020 switches in the fabrics. Fabric Manager cannot connect to any of the eight UCS6120 switches in the fabrics, returning a status of Unknow User or Password(Server,Client).
  This, I understand, requires the creation of a specific SNMP user, which is fine. However as I am logged into Fabric Manager using a single TACACS account, I cannot supply alternate credentials to a subset of switches in the fabric.
  Is there a work around for this to enable management of the 6120s in FM? or am I missing something.
  Thanks
  Mike Taylor

  Fabric Manager uses the same credentials to access all systems,  these credentials will need to be valid on the UCS platform as well.  Create a local SNMP user on UCS and check.  This needs to be different from any non-snmp authentication accounts on UCS.
  Note that FM cannot manage UCS.  You will be able to view into UCS but not make changes. May not be an issue if UCSM is running end host mode.  To make any changes, you will need to use the UCSM GUI or CLI or other tool for administration.
  Thank You,
  Dan Laden
  PDI Helpdesk
  http://www.cisco.com/go/pdihelpdesk

• How do I send a command to run a program on a remote computer

  I am trying to use the TCP vi's to send a command to a remote computer on our local area network, so that a program runs on that remote computer. How do I do this, if possible?

  Set one server VI on the remote computer to LISTEN (create listener / wait on listener) continuously for one port. When it receive something, READ the string and see if it is the one that you are expecting. On your computer, set a client VI, which first CONNECT (open connection) to the remote computer (using remote's IP and port number) and then it SENDs a string containing the command.
  Hope it helps.
  p.s.: Uppercase words name the Vis that you should use for this application.

• How to capture the screen of the remote computer

  sir
  i need help for my project how to capture the screen of the remote
  system plaese give idea for doing the project

  Run a daemon on the remote computer which uses java.awt.Robot.

• Remove domain account on remote computer using its local credentials

  I want to make a script that will remove domain user account from remote computer. Right now I tested dosen of methods. I have stick to this:
  ([ADSI]"WinNT://$computerName/$localGroupName,group").Remove("WinNT://$domainName/$userName")
  Thats absolutely working on local computer, but when I try to reach the remote computer I get 'Access Denied' error.
  I do know the credentials for remote computer. I know how to created credential object. Now I am stuck with - how to force it use credential object with that kind of task?
  Invoke is not an option.

  This won't work in a Workgroup setting.  It only works in a domain if you are a Domain Admin.
  ¯\_(ツ)_/¯

• I can no longer use all of the "Computer Management" tools against a remote computer. "Local Users and Groups", "Event Viewer", "Performance Logs and Alerts" and "Device Manager"

  Hello All,
  I can no longer use all of the "Computer Management" tools against a remote
  computer. "Local Users and Groups", "Event Viewer", "Performance Logs and
  Alerts" and "Device Manager"
  kindly see the below snapshot for assistance
  REGARDS DANISH DANIE

  This link may help....
  http://windowsxp.mvps.org/admintools.htm
  Freeman

• Restart-Computer remotely with Local Admin

  Hello;
  I manage my company's server and AD infrastructure, containing hundreds of Windows 2012 R2 servers.  I also patch all of my servers monthly.  The biggest challenge in patching servers, is the fact that they need to be restarted every month, in
  order for the patches to finish installing.
  We have a certain group of servers, that need to have their restarts specifically scheduled.  The services offered by these servers are managed by a specific group of IT Pros.  However, this group of IT Pros do not have Local Administrative permissions
  on these servers (nor do they need it to do there jobs).
  I would like to enable this group to remotely restart these servers every month using the 'Restart-Computer' powershell command, without granting them Local Admin (that way, I won't need to get up at 3am every month to do this myself).  I've tried adding
  them to the following "User Rights Assignment": "Force shutdown from a remote system" and "Shut down the system".
  But, they still get an "Access Denied" error message.  What am I missing?  Is this even possible?  I've searched for hours now, but with no luck.

  Thank you for the reply, but I had already tried those suggestions.  Here's what I've tried so far:
  First, as I mentioned before, I've added the admins to the following "User Rights Assignment": "Force shutdown from a remote system" and "Shut down the system".  Then I temporarily added the admins to the "Allow log
  on locally" user rights assignment so that I may log on to the server as the admins and prove that the admins can indeed restart the local server.  From the server console, the admin was able to launch a powershell session and run the "Restart-Computer"
  command, and the server restarted perfectly. 
  So that part worked just fine.  But I would like to get the admins to remotely restart the servers, without granting them the "Allow log on locally".  Another thing I tried, was to create a new remote PSSession, and then run the Restart-Computer
  command from there.  At first, the New-PSSession gave me an access denied error message.  That's when I ran the Get-PSSessionConfiguration command, and I noticed that the "Builtin\Remote Management Users" group was allowed access. 
  So I added the Admins to that group on one of the servers.  Now the New-PSSession command worked.  But the Restart-Computer still gives me an Access Denied error message.
  Here are the commands that I am using.
  First, running the Restart-Computer from the admin's workstation:
  Restart-Computer -ComputerName SERVER01
  Second, running the Restart-Computer command from with a remote PSSession.
  New-PSSession -ComputerName SERVER01
  Enter-PSSession 2
  Restart-Computer
  Either way, I get an access denied message.