Managing and protecting workgroup computers.

You could use Psexec:

http://technet.microsoft.com/en-us/sysinternals/bb897553

and install from the command line:

http://www.sophos.com/support/knowledgebase/article/12570.html

Hello Stuart,

be glad, this makes life thrilling :smileywink:

Default security settings deny remote access with a blank password. For this very reason psexec also won't work. Do you have any means to remotely administer these PCs?

Christian 

LOL remote access!!!  You haven't worked here have you!!:smileyvery-happy  :smileyvery-happy:

We do have VNC installed on some machine but there appears to be issues as they haven't let it through Windows Firewall when setting it up. (Genius!!!)

In short the answer is, sadly, no.:smileymad:  If I did It would make life so much easier as I could setup a local admin user or simply install Sophos locally.

Let the fun begin.

Stuart

From what I heard I'm glad I haven't worked there :smileyvery-happy: - so the machines a practically cut-off, don't nag for a password when someone wants to log on, happily accept anything that's plugged in and have no software which interferes with running interesting applications but at least the firewall prevents attempts to hijack VNC. Great work. OTOH - you seldom find that many opportunities for improving business processes ... sorry, Stuart, couldn't resist.

Guess you don't want to try to hack into the machines - that'd be the only alternative to "on-site action" (although "action" could be as little as downloading and running a "bootstrapping" script or program - but they probably don't trust you).

Good luck

Christian

Thanks Christian

Thought that may be the case.  It was just a call out to see if anyone had any bright ideas.

You have no idea how frustrating it is working here.  Biggest problem is the directors of the company who will not listen to any advice until something goes wrong.   Trust me, something here is going to go bang in a big way and they can't say I haven't warned them.

No user training on IT, data security etc etc,  and a complete disinterested in IT and the value it has to the company. 

Just to put this into context we perform intensive seabed surveys for various clients with all the data collected and stored on PCs.  So IT support is not really an importance to the business!!!! :smileymad:

.......   and relax  ..........

Thanks for your time though guys and just be grateful you are not here like me :smileysad:

Thank god I have a long weekend booked off :smileyvery-happy:

Regards

Stuart

It sounds like you need a virus you can piggy-back a Sophos deployment on!  Joking of course :)

Are there and other managed agents on these machines you can utilize?  Any software on the machines that update from a central location that could possible offer a route to running some sort of task on the machine with administrative rights?

Otherwise, if these machines are used by admin users, you might be best emailing them some simple script to give you back admin rights. As a starter the script could:
 

Create a rule in the firewall to get VNC working again.

Create a new user called Admin with a common password.  Delivering this common password should be secured obviously.  I guess once you have admin rights you can change it centrally.

Possibly deploy SAV with the script by running setup.exe from the CID with the necessary switches.

etc..

Once they've all run it, you should be able to connect I guess.  The only downside is people are so aware these days not to run attachments they'll probably junk it :)  You may want to send out an email in advance to tell them it's coming so they believe it.

Jak