RE(2): Deployment

Ian Cowley Ian.Cowley "at" nfu.org.uk
Thu, 10 Aug 2000 13:11:48 +0000


Yeah, I think a login script would be nice and easy....however, does the
login script have Admin rights on an NT system???

Say a user JBloggs logs onto a machine without VNC on it yet (and JBloggs
has basic user rights), will the login script call to the install.bat have
admin rights so that the install.bat can import the registry settings to
protected areas of the registry?  I'd quite like to know before I start
messing with our logins scripts, as they affect 400 users across 14
different servers...

I found another way to remotely install, although it's not ideal...
Run 'rsetup \\machinename' from an NT server with the RK on...this install
the rconsole server thingie on \\machinename, which allows remote commands
to be carried out.
Then run 
'rclient \\machinename /l:<domain>\<admin user> <admin password> /runbatch
intall.bat'
This runs install.bat on the remote machine, with administrator rights...

The problems are that the admin password is typed into the command prompt in
plain text, and the rconsole server thingie isinstalled as a service by
rsetup - this means any user can use 'rclient \\machinename' and run
commands on \\machinename as themselves.  This isn't too bad, but JBloggs
could use rclient to delete various nonprotected but important files.

Ian Cowley
NFU Computer Services

> -----Original Message-----
> From: Gustafsson, Bjorn [mailto:Bjorn.Gustafsson "at" delaval.com]
> Sent: 09 August 2000 08:54
> To: 'vnc-list "at" uk.research.att.com'
> Subject: RE: RE(2): Deployment
> 
> 
> Yeah. I agree to that.
> Assuming that your client machines (or, well, servers in 
> VNC-lingo) are all
> setup as "standard" machines, i.e. "c:\program files" and so 
> on, the easiest
> way is to write a login-script as such:
> 
> %%yaddayadda, do your usual stuff%%
> if exist "C:\program files\vnc\orwhatever" goto skipinstall
> \\REMOTEMACHINE\install_vnc_server.bat
> :skipinstall
> %%andgoaboutasusual%%
> 
> This will install VNC once for every machine, and you'd 
> better leave it in
> there for a cpl of months (some ppl take really long 
> vacations sometimes),
> to verify that it has been installed on all machines..
> Or you could also use install_vnc_server.bat to place a file 
> somewhere on a
> drive (for example %systemroot%\vnc_installed.txt), and check 
> for that file
> in the login script.
> There are of course lots of things you could to to extend 
> this, for example,
> write a small program (qbasic works fine :) ) that increments 
> a counter in a
> text file somewhere on a server, and use that in 
> install_vnc_server.bat.
> When it reaches 1200, you can pull the plug on it :)
> 
>    /Bjvrn
> 
> -----Original Message-----
> From: Dewar Charles R [mailto:Charles.Dewar "at" LonestarHealth.com]
> Sent: den 8 augusti 2000 22:29
> To: 'vnc-list "at" uk.research.att.com'
> Subject: RE: RE(2): Deployment
> 
> 
> login batch file.
> 
> -----Original Message-----
> From: Roy Verrips [mailto:rverrips "at" hyatt.co.za]
> Sent: Tuesday, August 08, 2000 7:20 AM
> To: vnc-list "at" uk.research.att.com; sn "at" ltsh.de
> Subject: RE(2): Deployment
> 
> 
> Hi All ...
> 
> >> I'm planning to deploy VNC over 1200 NT machines and we 
> are not able to
> >> visit each machine. Has any body know/tried to deploy VNC remotely?
> >> Which are the steps I have to follow?
> 
> Mmm, I have the same question, 'cept for Win95 (Release C 
> with USB support)
> and
> only about 120 of them ...
> 
> Yours
> 
> Roy
> rverrips "at" hyatt.co.za
> 
>         ---ooo---   Internet Confidentiality Statement   ---ooo---
> 
> The information contained in this communication is confidential and is
> intended only for the use of the recipient named above, and 
> may be legally
> privileged and exempt from disclosure under applicable law.  
> If the reader
> of this message is not the intended recipient, you are hereby 
> notified that
> any dissemination, distribution or copying of this communication is
> strictly prohibited.  If you have received this communication 
> in error,
> please resend it to the sender and delete the original 
> message and any copy
> of it from your computer system.  Opinions, conclusions and other
> information in this message that do not relate to our 
> official business
> should be understood as neither given nor endorsed by this company.
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to majordomo "at" uk.research.att.com
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to majordomo "at" uk.research.att.com
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to majordomo "at" uk.research.att.com
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
> 


**********************************************************************
THIS EMAIL MESSAGE AND INFORMATION IT CONTAINS MAY BE PRIVILEGED AND/OR
CONFIDENTIAL, AND IS FOR THE USE OF THE ADDRESSEE ONLY.
 
UNAUTHORISED USE, DISCLOSURE OR PRINTING OF THE CONTENTS IS PROHIBITED.
IF YOU ARE IN POSSESSION OF THIS EMAIL AND ARE NOT THE ADDRESSEE PLEASE
NOTIFY THE SENDER IMMEDIATELY.
 
ALTHOUGH EVERY EFFORT HAS BEEN MADE TO ENSURE ACCURACY NEITHER THE NFU 
NOR THE AUTHOR CAN ACCEPT LIABILITY FOR ERRORS AND OMISSIONS. (c) NFU
**********************************************************************
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------