Remote Shutdown Help

[Anny]

heya all, i got a problem

im writing a batch file to backup all the pcs on my network and then shut the lot down, easy stuff apart from the shutdown part at the end

im running a workgroup network of xp home/pro machines and im trying to use the dos command

shutdown -m \\wms1 -s

but this just returns a message of access denied, which is a tad annoying as i cant seem to find the access problem anywhere, i know im not missing anything to silly ie firewalls blocking me or not having the right permissions set or the right services active, but i cant find the right thing to release the lockout

if anyone has any ideas please dont hold them back

cheers

 

[Alan]

Its almost certainly due to the fact the PC#s are in a workgroup and the account the SHUTDOWN is running under doesn't have administrator access to those workstations.

try PSSHUTDOWN : http://www.sysinternals.com/Utilities/PsShutdown.html

 

[Anny]

just tried psshutdown and it had the same problem, access denied,

i have tried for a while to make sure the accounts are running admin privilages, but i dont seem to be setting them all, how exactly should i make sure they have admin rights ?

 

[Ging]

run cmd files as AT jobs individually on each PC at a set time/date and just use shutdown /s

 

[Alan]

just tried psshutdown and it had the same problem, access denied,

i have tried for a while to make sure the accounts are running admin privilages, but i dont seem to be setting them all, how exactly should i make sure they have admin rights ?

The problem with a workgroup is there is no central account database, each computer has its own internal list of its resources and who can access them, managing a workgroup is a complete nightmare after you have used a domain/server environment.

 

[Anny]

run cmd files as AT jobs individually on each PC at a set time/date and just use shutdown /s

i dont really want to do this as the time of the backup changes day to day

Tears, i know what you mean about workgroups being a pig after domains, a domain is what im heading towards, when i can get the peeps who sign the cheques to agree. In the mean time i dont mind the extra time its gonna take me to set each machine up but at the moment i cant see what i am missing as far as policies go for each machine

any ideas on how i can make sure i have added a remote pc as an admin on these machines ?

 

[Ging]

how many PC's on this peer lan are used as data repositories?

call me stupid but why not simply migrate all data on to one PC and have it act as a fileserver and the other PC's can access the data via mapped drives. This simplifies the backup process down to 1 single PC.


The only way ive ever been able to emulate access to peer lan clients is to create identicle admin accounts on all the machines. Ofc this may not work with a mixture of XP Home/PRo box's and I dont know if youve tried this already. If a system doesnt recognise your credentials it will automatically try to login as Guest, which on any system should be disabled.

One other method u might try is to use RCMD utility. You will need to install RCMDSVC (Remote Command Service) on each of the client PC's but you will then be able to script to each of your client PC's, run the backup job then simply shutdown /s at the end.

RCMD is available from MS Resource Kits (2000 definatly).

YOu need rcmdsvc.exe and rcmd.exe

to install the service copy it to system32 directory and run the following from cmd prompt

c:\windows\system32> rcmdsvc -install

You would a script it as follows

rcmd \\PCNAME c:\<path>\backup.cmd

this is ofc dependent on how your backing up your data (Ntbackup, copy, robocopy etc..) are all easily scriptable methods.

Basically rcmd gives your dos control of a particlar machine - usefull little utility.

If you cant get hold of the files pm me your email address and ill send them to you.

 

[Anny]

thanks ging ill give RCMD a try, as for dumping all the data on 1 machine and using it as a file server, well for 90% of the workload thats what i do atm but i have a couple of akwark utterly computer illerate people here who couldnt handle navigating to another machine on the network

dont ask me how its so hard you just click on the mapped network drive icon, but they just cant do it and end up saving everything to their machines in a variety of differant places

it drives me nucking futty tbh, but hey its a challenge keeping track of everything and it keeps me out of trouble etc

please excuse my bad spelling and grammer its been a long hot day

 

[Ging]

thanks ging ill give RCMD a try, as for dumping all the data on 1 machine and using it as a file server, well for 90% of the workload thats what i do atm but i have a couple of akwark utterly computer illerate people here who couldnt handle navigating to another machine on the network

dont ask me how its so hard you just click on the mapped network drive icon, but they just cant do it and end up saving everything to their machines in a variety of differant places

it drives me nucking futty tbh, but hey its a challenge keeping track of everything and it keeps me out of trouble etc

please excuse my bad spelling and grammer its been a long hot day

i understand but if this is the case you EDUCATE your users. Even the most imcompetent monkey can be tought "best practice". It seams that your users lazyness is making your life as an adminstrator hell. TBH m8 you need to take this to the boss and inform him that you need to spend 1-2 hours with a couple of his retards or hes goign to start loosing data.


Ofc another method is to jsut move their My Documents area to a share and confirm all document locations are therepoint to My Docs. The fuckers wouldnt know the difference and all their data is safe.

Im basing this assumption that the data in question is standard office type apps (MS Office?). In the case of email again you move their PST files (in the case of Outlook) to the server share therefore making it pretty much idoiot proof. This may come across as pretty harsh to the boss dude but when you inform him its HIS/HER data and business at stake in the event of a disaster you will find him/her suddenly very reasonable.

 

[Anny]

i agree with you ging the trouble is the boss is one of the retards lol and altho i have spent time with him trying to teach him a couple of very simple procedures that would sort this out he just gave up on the whole thing

i do have his machine setup to save most things in easy to backup places and i do manage to get most of it when i backup manually folder by folder,

i mean he lets outlook save his emails in temp folders then moans at me when he cant find them

all in a days work lol

and the monkey comment is so true, anyone know the name of that chimp that has a black belt in katate ?

this foo cant destinguish between a single or double click

anyways im off to get some dinner and to relax from today teehee

thanks for your help ging, ill try out RCDM in the morning and post results

nn

 

[Anny]

hey ging you out there today lol

ive tried RCMD, and i can now view and navigate through the pcs, remotely via DOS, i am still missing a permission somewhere on the client machine and its not letting me do anything apart from navigate

when i try and run a shutdown command or run a batch file with the shutdown command in it i just get an error message saying

"a required pirvilage is not held my the client"

anyone have any ideas how i can give it the full access privilages ?

 

[Ingafgrinn Macabre]

hey ging you out there today lol

ive tried RCMD, and i can now view and navigate through the pcs, remotely via DOS, i am still missing a permission somewhere on the client machine and its not letting me do anything apart from navigate

when i try and run a shutdown command or run a batch file with the shutdown command in it i just get an error message saying

"a required pirvilage is not held my the client"

anyone have any ideas how i can give it the full access privilages ?

Do all administrator accounts have thesame password and are you running the command in dos thru your administrator account on that PC? like all have an account named "administrator" with password "<password>" (so that all administrator passwords are equal across all PC's)?

(just guessing here by the way... not really experienced or educated in that stuff )

 

[Ging]

hey ging you out there today lol

ive tried RCMD, and i can now view and navigate through the pcs, remotely via DOS, i am still missing a permission somewhere on the client machine and its not letting me do anything apart from navigate

when i try and run a shutdown command or run a batch file with the shutdown command in it i just get an error message saying

"a required pirvilage is not held my the client"

anyone have any ideas how i can give it the full access privilages ?

Ok new util for you called "SU". Stands for switch user, can be scripted and run as a command. Again from resource kit find su.exe and suss.exe, copy to c:\windows\system32 and run from cmd prompt

c:\windows\system32> suss -install

now at a cmd promt if u type su <enter> you will get a gui copy of the util up. This will give you a quick glance at what the utility can do for you.

In simple terms it alow you to login as a different a/c perform a task and then quit very easily.

Script is as follows

c:\>su admin_account < c:\utils\pw.txt (where pw.txt holds the admin_account password - you should only use this for automated scripting and yes i am aware of the security risks - good practice to move this file to a different loc and change its name to something less obvious )

When using this utility in a DOS environment you will get a new dos shell come up. This and only this shell will be logged in with the admin rights on that client so you perform what ever tasks you need to complete within this. Once you close that shell you will loose the functionality of the account you logged in as.

Hope this is clear.

 

[Anny]

in not sure how this is going to help matey, its a nice util and im sure can be very usefull but unless i am missing some syntax or something it doesnt look like it can be used by remote

ie

i cant tell it to look at another pc, i can switch accounts about on the local machine im sitting at but that dosent help me run a shutdown command from the batch file on another machine

perhaps i am implimenting it incorrectly /?

 

[Gahn]

I have a vague thought of had to use this one for a customer sometime ago:

http://www.dimaware.com/shutdown/shutdown.html

 

[Ging]

ill check

 

[Anny]

gahn,

again its another very handy very nice looking util, but its still not getting the access it needs to administer the remote pc and brings up an error message of access denied when run remotely

 

[Gahn]

gahn,

again its another very handy very nice looking util, but its still not getting the access it needs to administer the remote pc and brings up an error message of access denied when run remotely

If i remember right it setups a service ain't it? U need to change the user running the service to Administrator/System to avoid it.

 

[eggy]

You could just use the task scheduler program to shut down the PCs at, say, midnight (or a time where you definitely know backup will be complete).

 

[Anny]

yes your right eggy, but i wanted to be a little more cleaver or akward lol

ive setup a batch file on each client machine now that when run at the end of the day messages the backup machine that the user is off for the day and the pc is ready for backup and then starts a shutdown on a timer, then the backup machine can run its backup from the machine that messaged it etc etc

its not the way i wanted to do it because it requires the user to double click on something when they go instead of shutting down but it works nevertheless

ill just have to keep watch that nobody accidentally runs it midday or something and ends up shutting down their machine and loosing work

cant see it happening tbh because the shutdown window is set to be always ontop, but you never know with these peeps here

 

[eggy]

I'm a little confused though:

Why not just get everyone to work off a central fileserver; thus negating the need for any type of client system backup?

 

[Anny]

ging asked the same question

the majority of the work is run from a central machine in the workgroup but there are a couple of people in the company who lack the skills to use that system, ive tried many times and spent many hours trying to explain why it should be done from 1 machine and showing them how to move between folders, but unfortunatly they just cant grasp it, and the fact that the main user problem is the boss, and he has given up on the whole idea,

old dogs new tricks kinda situation

 

[eggy]

ging asked the same question

the majority of the work is run from a central machine in the workgroup but there are a couple of people in the company who lack the skills to use that system, ive tried many times and spent many hours trying to explain why it should be done from 1 machine and showing them how to move between folders, but unfortunatly they just cant grasp it, and the fact that the main user problem is the boss, and he has given up on the whole idea,

old dogs new tricks kinda situation

We had a similar problem; 6 or 7 people working off seperate machines with only very basic networking. I tried and tried to persuade the use of a central server (even though we only had home-grown knowledge of computer systems.

Eventually we cashed in on a central server, set it up ourselves (a lot of it trial and error). We've had it a year and the once-sceptical boss is now overjoyed with the increases in productivity and security.

It's now put in our contracts that all project materials must be written to the central server. Then again, our work is extremely sensitive and confidential - nobody wants to be sued by a large corporate entity!

I can't see any real headaches solely working from the central source. Map a network drive and simply tell him he has to save onto that drive instead of C: - can't really get much simpler

Or, back up his computer, simulate a complete fuck up (hard drive fail, backup tape fail) and when he's shitting his pants tell him this wouldn't happen if you all worked off the central server! (then give him his backup tape, buy him a pint and hope he's forgiving of the lesson...)

 

[Anny]

Or, back up his computer, simulate a complete fuck up (hard drive fail, backup tape fail) and when he's shitting his pants tell him this wouldn't happen if you all worked off the central server! (then give him his backup tape, buy him a pint and hope he's forgiving of the lesson...)

ive always liked your thinking dude, tbh this is something i have thought about and like you our work revolves around very sensitive data, and i have made him aware of the advantages of runnign a domain and the disadvantages of running a workgroup from all aspects, he will eventually write me the cheque i need to get the kit in, but untill he does, i have to try and keep everything as safe/secure/efficient as i can
but when the equipment you have to work with is a mishmash of random bits bought cheap at auction and upto 7-8 years old its a bit of a juggling act

 

[eggy]

ive always liked your thinking dude, tbh this is something i have thought about and like you our work revolves around very sensitive data, and i have made him aware of the advantages of runnign a domain and the disadvantages of running a workgroup from all aspects, he will eventually write me the cheque i need to get the kit in, but untill he does, i have to try and keep everything as safe/secure/efficient as i can
but when the equipment you have to work with is a mishmash of random bits bought cheap at auction and upto 7-8 years old its a bit of a juggling act

True, true.

I still like telling panic stricken employees that the backup failed last night and project they just wiped from the server is gone forever.

MUAHAHA.

 

[Anny]

True, true.

I still like telling panic stricken employees that the backup failed last night and project they just wiped from the server is gone forever.

MUAHAHA.

nice, youll have to capture their faces on film sometime for the canteen notice board or whatever

 

[Gahn]

Hide local disks through Local Policies and they gonna see only the Connected Network Drive xD

 

[Anny]

Hide local disks through Local Policies and they gonna see only the Connected Network Drive xD

this is also a nice idea could almost simulate the look and usage of an active directory so they can get used to it for when the domain gets here lol

 

[eggy]

this is also a nice idea could almost simulate the look and usage of an active directory so they can get used to it for when the domain gets here lol

?

Users don't need to touch active directory.

 

[Anny]

i ment the single directory where they keep their files on the server my own shorthand etc lol