changing local admin remotley.
amyamandaallen
Member Posts: 316
in Off-Topic
Hi,
One for the security bods please as I cant think of how to do this ( well TBH have tried a few ways to no avail! )
Our users connect via a VPN. We recentley had some issues with VPN's after the latest WSUS updates. However as we couldnt remote desktop them we had to give them the local laptops admin password to perform the regedit change.
Now we need to change their local admin passwords again to something else to stop 'helpfull' users.
Whilst their connected via vpn is there any way we can change the passwords? We tried MMC'ing to their ip'S NO GOOD.
Various VBS scripts also no good as they only connect to a DMZ and not there actual domain.
Any thoughts?
Many thanks for any info.
Amy.
One for the security bods please as I cant think of how to do this ( well TBH have tried a few ways to no avail! )
Our users connect via a VPN. We recentley had some issues with VPN's after the latest WSUS updates. However as we couldnt remote desktop them we had to give them the local laptops admin password to perform the regedit change.
Now we need to change their local admin passwords again to something else to stop 'helpfull' users.
Whilst their connected via vpn is there any way we can change the passwords? We tried MMC'ing to their ip'S NO GOOD.
Various VBS scripts also no good as they only connect to a DMZ and not there actual domain.
Any thoughts?
Many thanks for any info.
Amy.
Remember I.T. means In Theory ( it should works )
Comments
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□Well the issue is why can't you use the MMC/Computer Management? Probably because of firewalls running on the remote systems or a problem with routing to computers connected via VPN.
One possible stop-gap measure might be to change the name of the local admin via group policy, so when they connect and download the GPO policies the local admin name will be changed. Yes, they can easily find out what it is but for a normal user it may buy you some time. Another way would be to simply disable the local admin account (also via GPO) so they cannot use it at all. Then the next time the computer is on site you can manually change the password and enable the account.All things are possible, only believe. -
amyamandaallen Member Posts: 316gonna disable them for now.
thanks for the help guys.Remember I.T. means In Theory ( it should works )