IT Help needed...

F

Forge

Well-Known Member
Joined
Dec 30, 2009
Messages
245
Reaction score
0
Location
North west, Orkney, ZA
Hi All

I need help...:cry:

Being the only IT in my branch its hard to trace some of the stuff going on on the computers, like example people uing mspaint (not allowed) or simply accessing my computer via C$...All computers on the LAN have admin rights, to run the software we use in the company(WTF)
I know setting up rights is a way but I have no authority to do so...and its NA in my situation.

I currently use RADMIN,Dameware to sort out some of the techn issues, but they lack a notification system...

I need a decent freeware app that can assist me with tracking people (monitoring them)
Or some registry tricks would also help...(Disabling desktop changes and so forth)
Anything that would help a network be more manageable

Example
1)When they are accessing folders
2)Deleting stuff
3)Making changes
4)Opening certain applications (Mspaint, cmd, control panel configurations etc)
5)Remoting on my pc or other systems (Sessions)
6)Removable media is inserted

I would be appreciated to get some feedback.:D
Thanks
 
Pity you can't implement user rights, as that is the most elegant answer to your needs :(

What you can try is http://www.spiceworks.com/ I haven't used it personally, though. I would really look into permissions though, as I don't think it's right to "spy" on users.
 
Last edited:
Short of physically removing the applications (Slipstream Removal), there is not another way. Group Policies are the only way, even third party applications, (i.e the blocking of USB drives) make use of it.

If you don't want to implement a network-wide GPO, why not use a Local-per-PC one?

There is a way to use registry entries, but NOT recommended, as it will affect the entire computer, not just certain users.

BTW, a network where all the users have admin rights? Really? - Might as well not have the basics such as user passwords, firewall, or keys to the building...

Tell your boss, next time he goes out to a restaurant, he must leave the keys to his BMW on the roof, or in the door...
 
If the ultimate aim is a more manageable network, throwing a monitor at the problem is not going to help.

All you will be doing is creating a new problem that needs to be monitored constantly, which you will fail to do because it's too much data and you don't always have enough time, and, the buggers with malicious intent can bypass the tool easily.

Stop buggering around:
- move their "My Documents" onto a network drive.
- work out what permissions to assign to the users that only gives them permission to access what they need using a virtual machine and build a batch file to apply these permissions for you.
- create a new non-administrator login on each computer, apply the permissions, change the password of the administrative user if you don't want to delete it.
- point the new user to the moved location of the "My Documents" folder.
- tell user about their new user login and password.

In the meantime, setup an install procedure that will produce that secure setup for new machines, consider completely reformatting and re-installing some suspect machines.
 
Forge said:
I know setting up rights is a way but I have no authority to do so...and its NA in my situation.
Click to expand...

Why not? Can you provide some background info here as this whole thing seems back to front to me. Treating the symptoms and not the cause.
 
A virus outbreak in this network would be terrifying
 
Let me guess, you are there as IT support in the branch, but head office flat out refuses to let you do anything? If that is the case, you are in for a long painful stay, unless they let you have some control. It is the only way to move things forward.
 
MSpaint? what nefarious bastard uses MSpaint? :p

OT

I have used some badly written software that needed the user to have administrator rights to function.. So I know where you're coming from..
Personally I would just edit the crap out of the policy on each computer.
 
Thanks to all for the response - The company I work for is $#$!@^$# as their response to my question "why is \everyone added on the Admin group?" is so moronic that they flatly ignored it...

I think making some changes might get me fired but atleast I dont have to run around every 5 minutes to help some idiot with double clicking on the correct shortcut...(finding them in windows folders and asking me for help) - come on, how hard can it be? "Double LEFT CLICK on the left button on your computer mouse" - or else they dont understand...

On the mspaint issue - We mostly work with client orientated info so no screenshots are allowed to be PrintScreened and pasted into paint, also they need to have a productivity time at the end of the day and not drawing pictures...

My operations manager said the reason they put everyone on admin is so that we as the IT dont have to struggle on the floor...you can have full rights...(Bull#$@) Why the hell do I have a username then.

They are just DUMB...

Worst of all these users are even dumber...I dont want to spy on them but if they are doing something against the end user policy I need to request a warning, but how can I if they have full rights to everything...

Everyone logs in with the same username atleast - user1 example
Its only Managers that have their own name logins with set rights, they are sort of managed

This is a waste of time...I started today with simple login Batch files(put in startup) to remove games, and a regedit that removes the a ability to change screen resolutions and so forth

still want something to tweak all the computers on the LAN without having to go around 200 computers 1 by 1...Batch files are awsome!!
 
Asha'man X said:
Let me guess, you are there as IT support in the branch, but head office flat out refuses to let you do anything? If that is the case, you are in for a long painful stay, unless they let you have some control. It is the only way to move things forward.
Click to expand...

SO true...I mostly support the H/O with their ***
 
Any good edits you know of?

gpedit.msc works but how do you do this through a network? Or do I have to make the changes and export the registry and import it on all the others (using PStools to do most of the work)
 
RSkeens said:
Pity you can't implement user rights, as that is the most elegant answer to your needs :(

What you can try is http://www.spiceworks.com/ I haven't used it personally, though. I would really look into permissions though, as I don't think it's right to "spy" on users.
Click to expand...

Spiceworks is a great product I've used it personally and rate it highly.
 
Last edited:
Spiceworks is gtreat but i can't see how it's going to work in this instance. it's more an Inventory tool than a network auditor.
 
Being an only IT in a company sucks, I know the feeling, the top heads don't even undestand you when you make demands or question current systems. So far I use Spiceworks, I have'nt found anything else to do the job
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X