WinRMRemoteWMIUsers_ vs. Remote Management Users

Similar Messages

• Windows Server 2008 - How to remotely manage account passwords?

  I'm hoping to get direction on how to remotely manage 'user accounts' on Windows Server 2008 machines.  The remote management would be from an automated perspective.  For example, I have a custom application (maybe C#, Java, etc) that runs on one
  server that makes connections to various 'Windows Server 2008' servers; and I want it to be able to do the following.
  Query Windows Server 2008 box for full list of user accounts
  Update password for user account
  Lock account
  Unlock account
  Check policy information to find out when password may expire
  I'm trying to find out what may already be available and running on Windows Server 2008 that I can take advantage to get this done programmatically.
  -Wes

  I agree with Mekac, the gallery should provide a lot of script of what you want to do.
  Like ;
  https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27 - Password Expiry Email Notification.
  Regards, Philippe
  Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
  Answer an interesting question ? Create a
  wiki article about it!

• Rd230 simple question re remote management module

  Hi,
  Just purchased and installed rd230. Installed win2008 R2 SP1 (manually...not with easystartup).
  I'm reading the user guide for remote management module. Looks great! One thing...how do I setup the RMM???(IP address...etc). It's not in the BIOS setup...I don't see any prompt at boot to enter a config utility for it....any help??
  Thanks
  M
  Solved!
  Go to Solution.

  You will find conrfiguration information and answers to other RMM related questions in
  ThinkServer RD230 and RD240 Remote Management User GuideThinkServer RD230 and RD240 Remote Management User Guide:
  download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkservers/00697mst.pdf

• How can i prevent users to delete remote management on their IPADs

  hello everyone
  i have Mac with OS X server i have created profile manager to manage the students I Pad's
  students keep deleting the profile remote management profile
  anyway to help me to manage their I PADS remotely 

  When configuring a profile in Profile Manager, if you edit the General entry you can set it to require a password before allowing a user to remove the profile. If you don't give users this password then they will not be able to remove it.

• Mountain Lion Server: add network user to remote management

  Hi,
  So recently I have upgraded from Lion Server to ML Server. A little disappointing, but whatever, I've moved on and got everything almost back to where I had it with Lion.
  My last few issues I believe are related but can't quite figure it out. In Lion I have an admin profile and then a network user profile that I used on my MBP bound with AD. I'm at the stage where my nre network user can log in on the server machine but I can't log in as the network user via screen sharing. I can't add a network user to Remote Management, and with Remote Management enabled Screen Sharing is greyed out. I'd really like this to work.
  My second problem is that I can't bind my MBP to the server but even when bound the network user account can't log in.
  Any body have  any ideas?
  Thanks!

  I had this problem on a clean install.
  The solution was incredibly simple for me, but only  after I saw Ross.M's note about opening the Users & Groups settings panel (in the OS System Prefs, not in server) and rebinding to OD server under Login Options.
  That was not the solution for me, but under Login Options I discovered a previously unnoticed pref for "Allow network users to login at login window."  I had this option set (apparently by default) to "Only these network users:"  but with an empty list.  Adding my users to the list made it work perfectly.
  Talk about KISS

• System Image Utility - Create User - Activate Remote Management

  When creating an image with system image utility, based on a DVD image instead of a cloned image, I cannot create a user and activate Remote Management.
  I have created an installer package with Apple Remote Desktop that is supposed to do both, however it doesn't work. I do not get an error, but no user is created.
  I have tried a post-install script however the dscl command is not recognized even if I put the path /usr/bin/dscl.
  I even tried to use a popular package out there called "createUser" but that fails as well.
  Has anyone had any luck with this when trying to make a moduler image with System Image Utility?
  Message was edited by: NeedSomeAnswer

  After configuring all the appropriate settings, I
  push the "Create" button and it appears to start
  working, prompts me for a location to save the actual
  image itself, creates a folder with the default name
  and then nothing happens.
  ok here's the deal: i created a folder in my OSX server home directory labelled "images" and keep our multiple images there. although you CAN have your images on other drives or on the network, that would take a LOOOOOOOONG time to do the data transfer to the invisible netboot folder on your server. my advice: keep local copies of all images. save a ton of time for yourself, eh?
  then, when it's time to use the system image suntility to load up an image, i go to that same location each time, call it up and have the app set to the prefs i want or need. i'm on 10.4.7 server and have had no problem using the software.
  so try using images locally and then, if that doesn't work, upgrade to 10.4.7

• Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

  Hello, dear colleagues.
  We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
  Send Message, Disconnect, Logoff options works only for users in Administrators group.
  I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
  To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
  RDP-Tcp, Security tab, add specific user account , AD group or configure
  advanced permissions
  for Remote Desktop Users.  
  But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
  Thanks.
  P.S. If move specific user from Remote Desktop Users group to Administrators group on
  Windows Server 2012 R2 - it works. 

  Hi,
  You can prevent administrators from changing the permissions for a connection by applying the
  Do not allow local administrators to customize permissions Group Policy setting. 
  This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
  Apart there is one command with which you can set the permission for that check the related
  article. Additionally checkthis
  thread for more detail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Remote management under Sharing will not allow me to add admin user

  I have just imaged my iMac lab to Lion. I am using Apple Remote Desktop 3.5. (I have used it for several years and know how to set it up and use it.) The problem I am having is adding my admin account to the list of users that are allowed remote management through sharing in system preferences.
  The user list shows every other account, but will not show my admin account. I have imaged labs each year and have never experienced this issue. Not sure where to go from here. I am able to log in to each of the systems using the missing admin account but can't add that user to authorize remote management as it isn't listed. The sytems have recently been updated to 10.7.4.
  For example, I have these accounts:
  Me (admin)
  User 1
  User 2
  User 3
  User 4
  When I go to system prefs>sharing>remote manage and click the Add to authorize only certain users, I only see User's 1-4. The admin account isn't listed...even if I am not currently logged into that account.
  *I have just updated to ARD 3.6.

  I can add "Administrators" under Remote Login just not Remote Management.

• ZCM Agent 11.3.x - Remote Management - Windows User Variable

  I noticed this back during the initial deployment of 11.3.1, however have not had a chance to comeback to it. Now we are at 11.3.2 and the issue seems to still be.
  On login we have a script that runs via a bundle it tracks user, date, time, computer login info to 2 locations, one on the local workstation to a hidden folder and 2 on the network.....
  It looks like this in the log file
  "pwolfe" , "192.168.x.x" , "LPTP-PWOLFE" , "Tue 02/03/2015" , "11:44:20.05"
  What I have noticed is if someone uses ZRM (Zen Remote Management) to manage the workstation / shadow a user for help or any other such thing...the next logon on the box will look like this
  "LPTP-PWOLFE$" , "192.168.x.x" , "LPTP-PWOLFE" , "Tue 02/03/2015" , "11:44:20.05"
  Notice the user variable went from the username to the computer name with a dollar sign. I would say it could be the script, however see below it works fine with the old agent installed.
  If you reboot the computer its fine, you can login and out time after time and it will display correctly. However if someone remote manages the computer it is broke until the next restart.
  here is the script that runs:
  for /f "Tokens=2 Delims=[]" %%i in ('ping -4 -n 1 "%computername%"') do set IP=%%i
  Echo "%username%" , "%IP%" , "%ComputerName%" , "%date%" , "%Time%" >>"\\192.168.x.x\support\utilities\logfiles\IPaddr essLog.txt"
  Echo "%username%" , "%IP%" , "%ComputerName%" , "%date%" , "%Time%" >>"C:\Utilities\IPaddressLog.txt"
  This is being called as a launch item under a user run bundle, it is set to run as logged in user.
  This is not happening on the older 11.2.4 separate Zone / server setup that is still in use for the majority of people. Just on the newer 11.3.x environment.
  If I remove the 11.3.x agent and install the 11.2.4 agent and point it to the old environment / server it works fine.
  Any ideas?
  Thanks,
  Patrick

  Originally Posted by CRAIGDWILSON
  What happens if you create a Shortcut to this bundle and run it manually after the desktop is up and active? (after a RC session that messes stuff up?)
  What happens if you create a bundle that runs "cmd.exe" as logged on user and run it manually while this other bundle is having issues? (type "set" from the cmd session....)
  Thanks Craig,
  I finally got some time to look at this again.
  It appears on the first logon to a computer it runs correctly, if a Remote Management session takes place and once logged off and a log in is initiated you get the incorrect information. If you run the application from the Zen App Window it displays correctly. If you reboot the computer it works as expected for the first logon and then stops working if a remote session is initiated.
  3 Straight logons, the 4th entry is when I ran it manually from the zen app window:
  "pwolfe" , "192.168.30.75 " , "TDLARM280-50125" , "Tue 03/03/2015" , "14:53:33.77"
  "TDLARM280-50125$" , "192.168.30.75 " , "TDLARM280-50125" , "Tue 03/03/2015" , "14:54:51.09"
  "TDLARM280-50125$" , "192.168.30.75 " , "TDLARM280-50125" , "Tue 03/03/2015" , "14:57:24.29"
  "pwolfe" , "192.168.30.75 " , "TDLARM280-50125" , "Tue 03/03/2015" , "14:58:22.51"
  Here is the "Set" CMD
  ALLUSERSPROFILE=C:\ProgramData
  APPDATA=C:\Users\pwolfe\AppData\Roaming
  CommonProgramFiles=C:\Program Files\Common Files
  CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
  CommonProgramW6432=C:\Program Files\Common Files
  COMPUTERNAME=TDLARM280-50125
  ComSpec=C:\Windows\system32\cmd.exe
  DEFLOGDIR=C:\ProgramData\McAfee\DesktopProtection
  FP_NO_HOST_CHECK=NO
  HOMEDRIVE=C:
  HOMEPATH=\Users\pwolfe
  LOCALAPPDATA=C:\Users\pwolfe\AppData\Local
  LOGONSERVER=\\TDLARM280-50125
  NUMBER_OF_PROCESSORS=4
  NWLANGUAGE=ENGLISH
  NWUSERNAME=pwolfe
  OS=Windows_NT
  Path=C:\ProgramData\Oracle\Java\javapath;C:\Progra m Files (x86)\Intel\iCLS Clien
  t\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows
  \System32\Wbem;C:\Windows\System32\WindowsPowerShe ll\v1.0\;C:\Program Files\Inte
  l\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Mana
  gement Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management En
  gine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Comp
  onents\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Progra
  m Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\QuickTime\QTSystem\
  PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH;.MSC
  PROCESSOR_ARCHITECTURE=AMD64
  PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
  PROCESSOR_LEVEL=6
  PROCESSOR_REVISION=3a09
  ProgramData=C:\ProgramData
  ProgramFiles=C:\Program Files
  ProgramFiles(x86)=C:\Program Files (x86)
  ProgramW6432=C:\Program Files
  PROMPT=$P$G
  PSModulePath=C:\Windows\system32\WindowsPowerShell \v1.0\Modules\
  PUBLIC=C:\Users\Public
  SESSIONNAME=Console
  SystemDrive=C:
  SystemRoot=C:\Windows
  TEMP=C:\Users\pwolfe\AppData\Local\Temp
  TMP=C:\Users\pwolfe\AppData\Local\Temp
  USERDOMAIN=TDLARM280-50125
  USERNAME=pwolfe
  USERPROFILE=C:\Users\pwolfe
  VSEDEFLOGDIR=C:\ProgramData\McAfee\DesktopProtecti on
  windir=C:\Windows
  WINDOWS_LOGIN=0
  windows_tracing_flags=3
  windows_tracing_logfile=C:\BVTBin\Tests\installpac kage\csilogfile.log
  ZENWORKS_HOME=C:\Program Files (x86)\Novell\ZENworks

• Enable Remote Management in Single-User Mode

  Hi,
  I would like to know how to enable Remote Management option (System Preferences > Sharing) in single-user mode.
  Thanks in advance
  Regards

  If ssh won't get you where you want and brute-force loading the various plists isn't working for your case (as mentioned, error messages and details might help), then AFAIK, fully remote-managing a Mac usually involves adding a network-capable power switch and an outboard network-capable KVM adapter.  (The Xserve was the last box with (limited) remote-management capabilities, and there's not been any indication that Apple might be releasing systems with Intel AMT (iAMT, vPro) support available and enabled.)

• Script that enables Remote Management and adds user

  I need to make a script that can enable Remote Management and add a user to control it.
  I have tried to watch which plist files it uses so I could edit those.
  It writes some text in com.apple.RemoteManagement.plist and com.apple.ARDAgent.plist bit I can't find where the user is added.
  Any ideas guys
  Thanks

  No need to mess around with .plists. ARD has a command-line admin tool. The syntax is a little funky, but this should give you an idea:
  $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/k ickstart -activate -configure -access -on -users john -restart -agent -privs -all
  This is all covered in more detail in Apple's technote.

• Remote Management Multi-User security issue

  Hello,
  This issue concerns both Mountain Lion and Lion servers. If I'm not mistaken, the issue is also officially described by Apple in the Lion release about Remote Managemenr vs Screen Sharing features.
  My question is simple and yet unanswered after hundreds of Internet searches:
  Why on earth a non-Admin user has the right to Share and Control the screen of another (Admin) user being logged-in a (Mountain) Lion server? It looks like the trick is that "Remote Management" instead of "Screen Sharing" is active. So what? Why a non-Admin should be allowed at all to view another users desktop just by typing-in his/her own credentials?
  Am I missing something or is Apple really out-of-security context? Our admin devoted significant effort to arrange access for the shared directories. For what? To find out that the Screen Sharing security under ARD Management (Remote Management) is non-existent?
  Am I terribly wrong?
  Any feedback will be highly appreciated.
  D.

  http://www.apple.com/feedback/

• How to programmatically manage Remote Desktop Users?

  Hi,
  I want to know if it esists a method to programmatically set/get the Remote Desktop Users list, such as add/remove an user and so on.
  Thank you all in advance
  Best Regards
  Antonino

  Hi,
  first of all, I want to thank you for reply. But, what I'm looking for is to programmatically view the list of the users for the Remote Desktop Control. With Remote Desktop Control I mean the way I let some other users over the network to operate with my own desktop in Windows XP (that is what you find in system->properties->remote desktop->advanced...and so on).
  Antonino

• Setting up Remote Management for external users

  Hi All,
  We currently have a zenworks 10.3 environment set up and all appears to be working well on the LAN with regards to being able to remote control machines etc. We are now looking to expand the remote control to enable support staff to remote control machines outside of our LAN.
  From what I understand so far through reading the zenworks documentation, is that we would need some kind of proxy server setup in the DMZ that will listen for requests from the client device and forward these on to the agent. There will inevitably need to be firewall changes etc etc... but i guess my question is to you guys who I expect have set some this up in your own environments, is how have you guys gone about achieving this? Its evident that there may be more than one way to achieve this, but would be useful to know the correct way of doing this?
  I know the question is a little vague, but this is the first time we’ve looked into the remote management externally - and this is where all the knowledge is :)
  Thanks

  Martyu89,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• How can I use Windows IAS to validate WLC management users?

  I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.
  I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.
  The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
  Event Type: Information
  Event Source: IAS
  Event Category: None
  Event ID: 1
  Date:  09/02/2011
  Time:  11:06:06
  User:  N/A
  Computer: UK01DC07
  Description:
  User xxxxxx was granted access.
  Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxx
  NAS-IP-Address = 10.10.45.210
  NAS-Identifier = UK03NM01
  Client-Friendly-Name = UK03NM01
  Client-IP-Address = 10.10.45.210
  Calling-Station-Identifier = <not present>
  NAS-Port-Type = <not present>
  NAS-Port = <not present>
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server = <undetermined>
  Policy-Name = UK03NM01 - login
  Authentication-Type = PAP
  EAP-Type = <undetermined>
  But, the WLC log shows:
  *Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
  The WLC just returns the login screen
  Any thoughts?
  Thanks in advance
  Richard

  Event viewer shows :
  Event Type: Information
  Event Source: IAS
  Event Category: None
  Event ID: 1
  Date:  10/02/2011
  Time:  08:49:39
  User:  N/A
  Computer: UK01DC07
  Description:
  User xxxxxxxx was granted access.
  Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx
  NAS-IP-Address = 10.10.45.210
  NAS-Identifier = UK03NM01
  Client-Friendly-Name = UK03NM01
  Client-IP-Address = 10.10.45.210
  Calling-Station-Identifier =
  NAS-Port-Type =
  NAS-Port =
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server =
  Policy-Name = UK03NM01 - login
  Authentication-Type = PAP
  EAP-Type =
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  Data:
  0000: 00 00 00 00               ....   
  and IAS log shows:
  "UK01DC07","IAS",02/10/2011,08:49:39,1,"xxxxxxxx","TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,"UK03NM01","10.10.45.210",,0,"10.10.45.210","UK03NM01",,,,,,7,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
  "UK01DC07","IAS",02/10/2011,08:49:39,2,,"TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,,,,0,"10.10.45.210","UK03NM01",,,,,,2,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
  It appears to me that IAS checks and passes the username/password as being valid but this response is ignored by the WLC
  Richard