Re: trying to install advanced client

In a locked down network, group policy is usually the only automated method
that is left over.

All other methods depend on either the admin$ share to be present, or the
user having local admin privileges, 2 things that are generally not allowed
in a locked down network.
And something that is bound to become more & more of a problem in our
security push environment

--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Kerwin Medina [MSFT]" <kerwinm@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:uNYLkB3yFHA.2644@xxxxxxxxxxxxxxxxxxxxxxx
> For push install, the Admin$ share is 'required'. So is the access to the
> registry and the service control manager.
>
> If you can't do push, you might want to try group policy. There is always
> the manual install option too.
>
> "Nathan" <Nathan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:C8461076-A4CE-48DF-90C1-2B4C484B92A1@xxxxxxxxxxxxxxxx
>> Sorry it's been awhile - got sidetracked on another project.
>> Yes to the first 3 questions
>> No to the last 3 questions
>>
>> One thing I have found so far is that there is no Admin$ share on client
>> machines. It is a classified network and every-time I do a client
>> install
>> push or and advertised program to push the advanced client; the ccm.log
>> on
>> the SMS site server logs:
>>
>> Attempting to connect to administrative share on machine \\machine\admin$
>> Error unable to connect to the remote registry of the machine
>> Error unable to access target machine for request
>>
>> Is there a way to install the advanced clients without the Admin$ share
>> present on the client machines? It is a classified network and the
>> Admin's
>> will not allow Admin$ to be shared or created. (And I wouldn't think SMS
>> is
>> soley dependant on the Admin$ share, as there have to be other networks
>> "locked" down such as this)
>>
>> Also anyone with any information on setting up patch management in a
>> "disconnected network" configuration? IE: I did it sucessfully with WSUS
>> by
>> exporting the WSUS content and metabase from a "live" network and
>> importing
>> into the WSUS on "disconnected" network. WSUS has helped with the
>> patching,
>> but I really need SMS to "complete" the patch management solution. So
>> far I
>> am unable to install the SMS2003 scan tools, as the installtion wizards
>> attempts to connect to the internet to download the .xml files - but
>> there is
>> no internet connection - and the wizard will not continue or allow for a
>> manual import during installation.
>>
>>
>> Any help is appreciated.
>>
>>
>>
>> --
>> Nate
>>
>>
>> "Anthony Puca" wrote:
>>
>>> Let me start with Basic ?'s...
>>> Did you do AD Schema Extensions?
>>> If so, did you set the ACL on the AD Systems/Systems Management
>>> container?
>>> Are you doing Adv. Security?
>>> Are your clients running Windows Firewall or any other 3rd party
>>> firewall?
>>> Are the clients running any form of Anti-Spyware software?
>>> When you push to a client, does it get the System32\ccmsetup folder?
>>>
>>> --
>>> Anthony Puca
>>> MCSE, SMS
>>> Interlink Group
>>> Denver, CO
>>> "Kim Oppalfens" <kim@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:MPG.1d44e0ab302a13398a06b@xxxxxxxxxxxxxxxxxxxxxxx
>>> >
>>> > Just wanted to comment that sms uses any form of name resolution, not
>>> > just netbios name resolution. If the systems are resolvable by dns or
>>> > any other means you should be fine.
>>> >
>>> > In article <#vjt1TkiFHA.3568@xxxxxxxxxxxxxxxxxxxx>,
>>> > sofuoglucem@xxxxxxxxxxx says...
>>> >> SMS uses NetBIOS names to access clients as you can see from the CCM
>>> >> log
>>> >> file. To check whether NetBIOS name resolution is working properly on
>>> >> your
>>> >> network, ping this machine with its NetBIOS name on the SMS server.
>>> >> In
>>> >> this
>>> >> case "ping PRGGP22". If client's name couldn't resolved by SMS server
>>> >> client
>>> >> installation will not work.
>>> >>
>>> >
>>> > --
>>> > Kim Oppalfens
>>> > MVP SMS
>>> > Computacenter Belgium
>>>
>>>
>>>
>
>


.

Relevant Pages

  • RE: [Full-Disclosure] DCOM RPC exploit (dcom.c)
    ... I am a Techie Admin who is in management. ... the product, source it, install it, fix it, Admin it, everything except ... Then they had to retrofit the network. ... best work on our network and the purchased the right equipment, ...
    (Full-Disclosure)
  • Re: Granting all users Admin Rights
    ... I am a Network Admin for Cuesta College and we are dealing with the same ... Techs to go to install every little piece of software on users computers. ... I believe that giving users Power Users rights is the best way ...
    (microsoft.public.win2000.security)
  • Re: Printer Problems
    ... he had the user rights to disable ... (default install behavior on xp), and it failed because DeskJet needs it ... If you create another admin on that system, you could see the problem again, ... > I manage a small network at a downtown Denver hotel. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Corruption Problem
    ... >the server and one of the clients. ... >The network is 100Mb. ... >network client install. ...
    (microsoft.public.windows.server.sbs)
  • Remote Client Configuration
    ... I had an SBS2000 network, but recently installed an SBS2003 box and put the ... The new server has the same server and domain names as the ... I would think that installing the client ... Have them install TrendMicro ...
    (microsoft.public.windows.server.sbs)