Just an opinion I'd like from you and how we would go about it.
In the last 3-4 months I've been made a full time IT Support Technician and I'm training myself on the job.
At the moment we have 3 rooms. IT suite, Main Office and Senior Management Team.
Here is a diagram of the structure:
We don't keep any files local (Or we try not too) We have a cloud server (Linux based Samba at a Data Center about 20 miles away).
Everyone is an admin on their account because we have to put up with OCR's god awful software which requires an admin to run.
Basically I want to make the whole system secure and faultless (I know right..)
Sometime in the future I'l be turning the machine next to me into a server (FOG or using WDS) to make it so the machines aren't corrupt via software. It will look like this:
Any suggestions are much appreciated
Last edited by Bradlys; 21st November 2013 at 01:37 PM.
I'd love to, but don't have screen capture stuff with me here (don't need it on this site really) nor can I use Skype .. all blocked up .. I'll try and step you through it below though ..
Right, open up Notepad (or your preferred text editor) and you need to create something similar to the following - please bear in mind, I've hacked this script a bit from one I've found, so someone might be able to give you a cleaner script - initially, this searched for the CD drive on the machine as one piece of software ran from a CD:
When you've created this, save the file somewhere with the extension .vbs and follow the instructions on this page >>> Encrypting VBScript code ( vbs to vbe ) <<< to encrypt the vbs to a vbe. Now, word of warning, this doesn't mean it's unhackable as vbe can be reversed if you know how, but it just means the password isn't immediately available in plain text. Test the script to make sure that it works obviously (if just you testing, you can test the vbs version of it then when it works, convert it).Code:Set WshShell=WScript.CreateObject("WScript.Shell") Set FileSystemObject = CreateObject("Scripting.FileSystemObject") Set Drives = FileSystemObject.Drives For Each DiskDrive in Drives DriveLetter = DiskDrive.DriveLetter DriveType = DiskDrive.DriveType If DriveType = "CD-ROM Drive" Then CDDrive = DriveLetter Exit For End If Next Set Drives = nothing Set FileSystemObject = nothing strCmd="C:\PATH\TO\PROGRAM.EXE" strUser="DOMAIN\ADMIN-ACCOUNT" strPass="ADMINPASSWORD" set WshShell=CreateObject("WScript.Shell") WshShell.Run "runas.exe" & " /u:" & strUser & " " & strCmd WScript.Sleep 1000 WshShell.Sendkeys strPass & "~"
Now, copy (or move) the .vbe file you've created to somewhere accessible by all for them to run the software from (I use the \\domain\NETLOGON area and have a folder within that then deploy short cuts to desktops and/or the Start Menu to let people run the program.
And that's it, should get you being able to run the software as an administrator, but then demote the user accounts down to something more sensible within a managed environment.
Hope that helps
Bradlys (21st November 2013)
There are currently 1 users browsing this thread. (0 members and 1 guests)