Friday, October 17, 2008

[THIN] Re: OT: Logon with variable question

You should be able to do this fairly easily…  You could have Altiris run a script that launches PSEXEC script using your local admin credentials.  If PSEXEC reports back an error then have your Altiris script exit with an exit code.  You’ll be able take that exit code and do the next task accordingly.

 

Joe

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Adam Granatela
Sent: Friday, October 17, 2008 2:49 PM
To: thin@freelists.org
Subject: [THIN] Re: OT: Logon with variable question

 

Trying to lose my mind?

Trying to validate that a password change has worked successfully, if you can believe that.

Management has dictated that all local admin passwords on all servers need to be changed.  Management also wants a list of all servers that the password change didn't work on.  Management insists we use Altiris for this.

Altiris job 1: runs as a local sysetm account...runs pspasswd from MS/sysinternals to change the password for our renamed sysadmin account.  There's no way to report back to Altiris whether this worked or not.  Altiris = stab me in the eye with a wooden spoon, just if the job kicked off ok or not.  So in theory Altiris could kick off the command, report back that it worked fine, but in reality the pspasswrd command failed.

Altiris job 2: send a "dummy" job to each server, but have it login with the new password for the local sys admin.  That way the ones that do fail end up failing as a direct result of the new password not working, and we have our remediation list.

Altiris is going to give me an ulcer.

Before we get any further let me say that I have some working scripts with logs that will give me all the info I need, but since these can't be run through Altiris, I'm not allowed to use them.  So, as much as I'd like to discuss the 57,304 ways that are better to change passwords on 1500 servers other than Altiris, I simply can't.  Did I mention that in some language Altiris is the word for spawn of the devil?

So there it is...The good news is that the building has a clock tower that goes up a good 18 floors.  If I time my swan dive just right I think I can create a spectacular traffic accident.

Adam

On Fri, Oct 17, 2008 at 4:40 PM, Joe Shonk <joe.shonk@gmail.com> wrote:

What exactly are you trying to do that you need to be logged into the console as a local administrator instead of an administrator on the domain?

 

Joe

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Adam Granatela
Sent: Friday, October 17, 2008 1:58 PM
To: thin@freelists.org
Subject: [THIN] Re: OT: Logon with variable question

 

Hi thanks for the reply.  What I'm looking to do is fire off a job from Altiris but I want it to login with the local administrator for each server.

In Altiris there's a "user domain" box that has to have something in it (i.e., it won't work if it is left blank), and then username/password.  For everything done in our environment with Altiris we either use a service account, a domain admin account, or just set it to "system account".

However, for this one I want it to specifically login with the local administrator account for each machine.  So far none of the variables have worked.  So then I went to the local console of a machine and tried various logon methods and found that even there, %computername%\adamg or %userdomain%\adamg don't work, even though if I login with adamg/password/computername on their respective lines in the logon dialog, when I go to look at system variables, both of those are set to the current computer name.

Any other ideas? 

Adam

On Fri, Oct 17, 2008 at 3:49 PM, Raffensberger, Stephen D <sraffens@sovereignbank.com> wrote:

Adam,

 

I fight the opposite battle but you can probably use what I use.

 

Set HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName to your "server1" name.

Then just login with a simple adamg and it will default to server1\adamg.

 

Actually, all you have to do is log on at the physical console using a local account and it will switch this for you.

Trouble is, whenever someone else logs onto the console using the domain, it will reverse it for you. I periodically run a batch file that sets it the way I want it.

 

HTH

 

Steve Raffensberger

Citrix Administrator

Sovereign Bank

1125 Berkshire Boulevard

Wyomissing, PA 19610

email: sraffens@sovereignbank.com

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Adam Granatela
Sent: Friday, October 17, 2008 4:35 PM
To: thin@freelists.org
Subject: [THIN] OT: Logon with variable question

 

Hey everyone, hope all is well.  I have another strange request that I was wondering if anyone has any insight on.

I'm looking for a way to use a variable to pull in the current computer name of a machine, but at login time.

In a standard 3 line Windows 2000/2003 server login screen I can login with something like:

server1\adamg
password
<third line for domain/local machine is grayed out>

Is there any way I can use a variable instead of "server1" up there so that the current servername is put in?  I've tried:

%computername%\adamg
%userdomain%\adamg

and a few other things including double %%, .\adamg, and quotes in various places.  If anyone wants an explanation as to why I need this I can go into that, but I've narrowed things down to the point where if I could pull in the current servername using a variable that it will give me everything I need.  Any ideas?  Thanks!

Adam


This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete or destroy the message. Thank you.

 

 

No comments: