WinRMRemoteWMIUsers_ vs. Remote Management Users
Hi,
I'm not sure about the differences between these two local groups on a Windows Server 2012 or if they are nested somehow. Membership in one of these groups is sufficient to access a remote server via Server Manager. I can see the 'Remote management users' group in the PSSessionConfiguration, but I cannot see the WinRMRemoteWMIUsers_. How does it work?
Many thanks!
See the following technet info:
http://technet.microsoft.com/en-us/library/dn579255.aspx#BKMK_WinRMRemoteWMIUsers_
"The WinRMRemoteWMIUsers_ group allows running Windows PowerShell commands remotely whereas the Remote Management Users group is generally used to allow users to manage servers by using the Server Manager console."
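To see where each group is (or is not) referenced on a given server, the following PowerShell audit lists the principals named in every session configuration's security descriptor and in the WinRM service RootSDDL, then the members of both groups. It is an added example, not part of the original thread or the TechNet article; the helper name Get-SddlAllowedPrincipal is hypothetical, and the group is matched by wildcard because its name is written slightly differently in different places.

```powershell
# Added example: audit which principals the WinRM security descriptors name,
# and who is in the two local groups discussed above. Run elevated on the server.

function Get-SddlAllowedPrincipal {
    # Hypothetical helper: turn an SDDL string into one object per DACL entry.
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = New-Object System.Security.AccessControl.CommonSecurityDescriptor($false, $false, $Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # SID that cannot be resolved: show it raw
        [pscustomobject]@{
            Principal = $name
            AceType   = $ace.AceType
            Mask      = '0x{0:X8}' -f $ace.AccessMask
        }
    }
}

# 1. Per-endpoint descriptors (the source of the Permission column
#    shown by Get-PSSessionConfiguration).
Get-PSSessionConfiguration | ForEach-Object {
    $cfg = $_
    if ($cfg.SecurityDescriptorSddl) {
        Get-SddlAllowedPrincipal -Sddl $cfg.SecurityDescriptorSddl |
            Select-Object @{n='Source';e={"PSSessionConfiguration: $($cfg.Name)"}},
                          Principal, AceType, Mask
    }
}

# 2. The service-wide WinRM descriptor, which is stored outside the
#    session configurations.
$root = (Get-Item WSMan:\localhost\Service\RootSDDL).Value
Get-SddlAllowedPrincipal -Sddl $root |
    Select-Object @{n='Source';e={'WSMan RootSDDL'}}, Principal, AceType, Mask

# 3. Current members of both local groups.
$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
$computer.Children |
    Where-Object {
        $_.SchemaClassName -eq 'Group' -and
        ($_.psbase.Name -like 'WinRMRemoteWMIUsers*' -or
         $_.psbase.Name -eq 'Remote Management Users')
    } |
    ForEach-Object {
        $groupName = $_.psbase.Name
        $members = @($_.Invoke('Members')) | ForEach-Object {
            # Each member is a COM object; read its Name property via reflection.
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
        [pscustomobject]@{
            Group   = $groupName
            Members = if ($members) { $members -join ', ' } else { '(empty)' }
        }
    }
```

Any account that appears in step 3 inherits whatever access steps 1 and 2 show for its group, so review the membership of both groups together.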
Similar Messages
-
Windows Server 2008 - How to remotely manage account passwords?
I'm hoping to get direction on how to remotely manage 'user accounts' on Windows Server 2008 machines. The remote management would be from an automated perspective. For example, I have a custom application (maybe C#, Java, etc) that runs on one server that makes connections to various 'Windows Server 2008' servers; and I want it to be able to do the following.
Query Windows Server 2008 box for full list of user accounts
Update password for user account
Lock account
Unlock account
Check policy information to find out when password may expire
I'm trying to find out what may already be available and running on Windows Server 2008 that I can take advantage to get this done programmatically.
-Wes
I agree with Mekac, the gallery should provide a lot of scripts for what you want to do.
Like:
https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27 - Password Expiry Email Notification.
Regards, Philippe
-
Rd230 simple question re remote management module
Hi,
Just purchased and installed rd230. Installed win2008 R2 SP1 (manually...not with easystartup).
I'm reading the user guide for remote management module. Looks great! One thing...how do I setup the RMM???(IP address...etc). It's not in the BIOS setup...I don't see any prompt at boot to enter a config utility for it....any help??
Thanks
M
You will find configuration information and answers to other RMM-related questions in the ThinkServer RD230 and RD240 Remote Management User Guide:
download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkservers/00697mst.pdf
-
How can i prevent users to delete remote management on their IPADs
hello everyone
I have a Mac with OS X Server and I have created a Profile Manager to manage the students' iPads.
Students keep deleting the remote management profile.
Is there any way to help me manage their iPads remotely?
When configuring a profile in Profile Manager, if you edit the General entry you can set it to require a password before allowing a user to remove the profile. If you don't give users this password then they will not be able to remove it.
-
Mountain Lion Server: add network user to remote management
Hi,
So recently I have upgraded from Lion Server to ML Server. A little disappointing, but whatever, I've moved on and got everything almost back to where I had it with Lion.
My last few issues I believe are related but can't quite figure it out. In Lion I have an admin profile and then a network user profile that I used on my MBP bound with AD. I'm at the stage where my new network user can log in on the server machine but I can't log in as the network user via screen sharing. I can't add a network user to Remote Management, and with Remote Management enabled Screen Sharing is greyed out. I'd really like this to work.
My second problem is that I can't bind my MBP to the server but even when bound the network user account can't log in.
Anybody have any ideas?
Thanks!
I had this problem on a clean install.
The solution was incredibly simple for me, but only after I saw Ross.M's note about opening the Users & Groups settings panel (in the OS System Prefs, not in server) and rebinding to OD server under Login Options.
That was not the solution for me, but under Login Options I discovered a previously unnoticed pref for "Allow network users to login at login window." I had this option set (apparently by default) to "Only these network users:" but with an empty list. Adding my users to the list made it work perfectly.
Talk about KISS -
System Image Utility - Create User - Activate Remote Management
When creating an image with system image utility, based on a DVD image instead of a cloned image, I cannot create a user and activate Remote Management.
I have created an installer package with Apple Remote Desktop that is supposed to do both, however it doesn't work. I do not get an error, but no user is created.
I have tried a post-install script however the dscl command is not recognized even if I put the path /usr/bin/dscl.
I even tried to use a popular package out there called "createUser" but that fails as well.
Has anyone had any luck with this when trying to make a modular image with System Image Utility?
Message was edited by: NeedSomeAnswer
After configuring all the appropriate settings, I push the "Create" button and it appears to start working, prompts me for a location to save the actual image itself, creates a folder with the default name and then nothing happens.
ok here's the deal: i created a folder in my OSX server home directory labelled "images" and keep our multiple images there. although you CAN have your images on other drives or on the network, that would take a LOOOOOOOONG time to do the data transfer to the invisible netboot folder on your server. my advice: keep local copies of all images. save a ton of time for yourself, eh?
then, when it's time to use the system image utility to load up an image, i go to that same location each time, call it up and have the app set to the prefs i want or need. i'm on 10.4.7 server and have had no problem using the software.
so try using images locally and then, if that doesn't work, upgrade to 10.4.7 -
Hello, dear colleagues.
We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info).
The Send Message, Disconnect and Logoff options work only for users in the Administrators group.
I can't configure permissions for Remote Desktop Users, a specific user or an AD group.
To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connecting to Windows Server 2012 R2. Then I double-click RDP-Tcp, go to the Security tab, and add a specific user account or AD group, or configure advanced permissions for Remote Desktop Users.
But, as I said above, these options work only for users in the Administrators group. How can I make it work for Remote Desktop Users or a specific user or AD group?
Thanks.
P.S. If I move a specific user from the Remote Desktop Users group to the Administrators group on Windows Server 2012 R2, it works.
Hi,
You can prevent administrators from changing the permissions for a connection by applying the
Do not allow local administrators to customize permissions Group Policy setting.
This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Apart from that, there is a command with which you can set the permission; for that, check the related article. Additionally, check this thread for more detail.
Hope it helps!
Thanks.
Dharmesh Solanki
-
Remote management under Sharing will not allow me to add admin user
I have just imaged my iMac lab to Lion. I am using Apple Remote Desktop 3.5. (I have used it for several years and know how to set it up and use it.) The problem I am having is adding my admin account to the list of users that are allowed remote management through sharing in system preferences.
The user list shows every other account, but will not show my admin account. I have imaged labs each year and have never experienced this issue. Not sure where to go from here. I am able to log in to each of the systems using the missing admin account but can't add that user to authorize remote management as it isn't listed. The systems have recently been updated to 10.7.4.
For example, I have these accounts:
Me (admin)
User 1
User 2
User 3
User 4
When I go to system prefs>sharing>remote manage and click the Add to authorize only certain users, I only see Users 1-4. The admin account isn't listed...even if I am not currently logged into that account.
*I have just updated to ARD 3.6.
I can add "Administrators" under Remote Login just not Remote Management.
-
ZCM Agent 11.3.x - Remote Management - Windows User Variable
I noticed this back during the initial deployment of 11.3.1, however have not had a chance to come back to it. Now we are at 11.3.2 and the issue seems to still be there.
On login we have a script that runs via a bundle it tracks user, date, time, computer login info to 2 locations, one on the local workstation to a hidden folder and 2 on the network.....
It looks like this in the log file
"pwolfe" , "192.168.x.x" , "LPTP-PWOLFE" , "Tue 02/03/2015" , "11:44:20.05"
What I have noticed is if someone uses ZRM (Zen Remote Management) to manage the workstation / shadow a user for help or any other such thing...the next logon on the box will look like this
"LPTP-PWOLFE$" , "192.168.x.x" , "LPTP-PWOLFE" , "Tue 02/03/2015" , "11:44:20.05"
Notice the user variable went from the username to the computer name with a dollar sign. I would say it could be the script, however see below it works fine with the old agent installed.
If you reboot the computer it's fine, you can log in and out time after time and it will display correctly. However if someone remote manages the computer it is broken until the next restart.
here is the script that runs:
for /f "Tokens=2 Delims=[]" %%i in ('ping -4 -n 1 "%computername%"') do set IP=%%i
Echo "%username%" , "%IP%" , "%ComputerName%" , "%date%" , "%Time%" >>"\\192.168.x.x\support\utilities\logfiles\IPaddressLog.txt"
Echo "%username%" , "%IP%" , "%ComputerName%" , "%date%" , "%Time%" >>"C:\Utilities\IPaddressLog.txt"
This is being called as a launch item under a user run bundle, it is set to run as logged in user.
This is not happening on the older 11.2.4 separate Zone / server setup that is still in use for the majority of people. Just on the newer 11.3.x environment.
If I remove the 11.3.x agent and install the 11.2.4 agent and point it to the old environment / server it works fine.
Any ideas?
Thanks,
Patrick
Originally Posted by CRAIGDWILSON
What happens if you create a Shortcut to this bundle and run it manually after the desktop is up and active? (after a RC session that messes stuff up?)
What happens if you create a bundle that runs "cmd.exe" as logged on user and run it manually while this other bundle is having issues? (type "set" from the cmd session....)
Thanks Craig,
I finally got some time to look at this again.
It appears on the first logon to a computer it runs correctly, if a Remote Management session takes place and once logged off and a log in is initiated you get the incorrect information. If you run the application from the Zen App Window it displays correctly. If you reboot the computer it works as expected for the first logon and then stops working if a remote session is initiated.
3 Straight logons, the 4th entry is when I ran it manually from the zen app window:
"pwolfe" , "192.168.30.75 " , "TDLARM280-50125" , "Tue 03/03/2015" , "14:53:33.77"
"TDLARM280-50125$" , "192.168.30.75 " , "TDLARM280-50125" , "Tue 03/03/2015" , "14:54:51.09"
"TDLARM280-50125$" , "192.168.30.75 " , "TDLARM280-50125" , "Tue 03/03/2015" , "14:57:24.29"
"pwolfe" , "192.168.30.75 " , "TDLARM280-50125" , "Tue 03/03/2015" , "14:58:22.51"
Here is the "Set" CMD
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\pwolfe\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=TDLARM280-50125
ComSpec=C:\Windows\system32\cmd.exe
DEFLOGDIR=C:\ProgramData\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\pwolfe
LOCALAPPDATA=C:\Users\pwolfe\AppData\Local
LOGONSERVER=\\TDLARM280-50125
NUMBER_OF_PROCESSORS=4
NWLANGUAGE=ENGLISH
NWUSERNAME=pwolfe
OS=Windows_NT
Path=C:\ProgramData\Oracle\Java\javapath;C:\Progra m Files (x86)\Intel\iCLS Clien
t\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows
\System32\Wbem;C:\Windows\System32\WindowsPowerShe ll\v1.0\;C:\Program Files\Inte
l\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Mana
gement Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management En
gine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Comp
onents\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Progra
m Files (x86)\Novell\ZENworks\bin;C:\Program Files (x86)\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=3a09
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell \v1.0\Modules\
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\pwolfe\AppData\Local\Temp
TMP=C:\Users\pwolfe\AppData\Local\Temp
USERDOMAIN=TDLARM280-50125
USERNAME=pwolfe
USERPROFILE=C:\Users\pwolfe
VSEDEFLOGDIR=C:\ProgramData\McAfee\DesktopProtecti on
windir=C:\Windows
WINDOWS_LOGIN=0
windows_tracing_flags=3
windows_tracing_logfile=C:\BVTBin\Tests\installpac kage\csilogfile.log
ZENWORKS_HOME=C:\Program Files (x86)\Novell\ZENworks -
Enable Remote Management in Single-User Mode
Hi,
I would like to know how to enable Remote Management option (System Preferences > Sharing) in single-user mode.
Thanks in advance
Regards
If ssh won't get you where you want and brute-force loading the various plists isn't working for your case (as mentioned, error messages and details might help), then AFAIK, fully remote-managing a Mac usually involves adding a network-capable power switch and an outboard network-capable KVM adapter. (The Xserve was the last box with (limited) remote-management capabilities, and there's not been any indication that Apple might be releasing systems with Intel AMT (iAMT, vPro) support available and enabled.)
-
Script that enables Remote Management and adds user
I need to make a script that can enable Remote Management and add a user to control it.
I have tried to watch which plist files it uses so I could edit those.
It writes some text in com.apple.RemoteManagement.plist and com.apple.ARDAgent.plist but I can't find where the user is added.
Any ideas, guys?
Thanks
No need to mess around with .plists. ARD has a command-line admin tool. The syntax is a little funky, but this should give you an idea:
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users john -restart -agent -privs -all
This is all covered in more detail in Apple's technote. -
Remote Management Multi-User security issue
Hello,
This issue concerns both Mountain Lion and Lion servers. If I'm not mistaken, the issue is also officially described by Apple in the Lion release about Remote Management vs Screen Sharing features.
My question is simple and yet unanswered after hundreds of Internet searches:
Why on earth a non-Admin user has the right to Share and Control the screen of another (Admin) user being logged-in a (Mountain) Lion server? It looks like the trick is that "Remote Management" instead of "Screen Sharing" is active. So what? Why a non-Admin should be allowed at all to view another users desktop just by typing-in his/her own credentials?
Am I missing something or is Apple really out-of-security context? Our admin devoted significant effort to arrange access for the shared directories. For what? To find out that the Screen Sharing security under ARD Management (Remote Management) is non-existent?
Am I terribly wrong?
Any feedback will be highly appreciated.
D.
http://www.apple.com/feedback/
-
How to programmatically manage Remote Desktop Users?
Hi,
I want to know if there exists a method to programmatically set/get the Remote Desktop Users list, such as add/remove a user and so on.
Thank you all in advance
Best Regards
Antonino
Hi,
first of all, I want to thank you for reply. But, what I'm looking for is to programmatically view the list of the users for the Remote Desktop Control. With Remote Desktop Control I mean the way I let some other users over the network to operate with my own desktop in Windows XP (that is what you find in system->properties->remote desktop->advanced...and so on).
Antonino -
Setting up Remote Management for external users
Hi All,
We currently have a zenworks 10.3 environment set up and all appears to be working well on the LAN with regards to being able to remote control machines etc. We are now looking to expand the remote control to enable support staff to remote control machines outside of our LAN.
From what I understand so far through reading the zenworks documentation, is that we would need some kind of proxy server setup in the DMZ that will listen for requests from the client device and forward these on to the agent. There will inevitably need to be firewall changes etc etc... but I guess my question is to you guys who I expect have set some of this up in your own environments, is how have you guys gone about achieving this? It's evident that there may be more than one way to achieve this, but it would be useful to know the correct way of doing this?
I know the question is a little vague, but this is the first time we’ve looked into the remote management externally - and this is where all the knowledge is :)
Thanks
-
How can I use Windows IAS to validate WLC management users?
I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.
I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.
The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 09/02/2011
Time: 11:06:06
User: N/A
Computer: UK01DC07
Description:
User xxxxxx was granted access.
Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxx
NAS-IP-Address = 10.10.45.210
NAS-Identifier = UK03NM01
Client-Friendly-Name = UK03NM01
Client-IP-Address = 10.10.45.210
Calling-Station-Identifier = <not present>
NAS-Port-Type = <not present>
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = UK03NM01 - login
Authentication-Type = PAP
EAP-Type = <undetermined>
But, the WLC log shows:
*Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
The WLC just returns the login screen
Any thoughts?
Thanks in advance
Richard
Event viewer shows :
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 10/02/2011
Time: 08:49:39
User: N/A
Computer: UK01DC07
Description:
User xxxxxxxx was granted access.
Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx
NAS-IP-Address = 10.10.45.210
NAS-Identifier = UK03NM01
Client-Friendly-Name = UK03NM01
Client-IP-Address = 10.10.45.210
Calling-Station-Identifier =
NAS-Port-Type =
NAS-Port =
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = UK03NM01 - login
Authentication-Type = PAP
EAP-Type =
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
and IAS log shows:
"UK01DC07","IAS",02/10/2011,08:49:39,1,"xxxxxxxx","TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,"UK03NM01","10.10.45.210",,0,"10.10.45.210","UK03NM01",,,,,,7,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"UK01DC07","IAS",02/10/2011,08:49:39,2,,"TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,,,,0,"10.10.45.210","UK03NM01",,,,,,2,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
It appears to me that IAS checks and passes the username/password as being valid but this response is ignored by the WLC
Richard