I'm fed up of logging in to a server every time I want to reset a password and I'd like to carry *all* the admin tools in our home drives. Adds some accountability too, because we can start auditing changes then. Tried fetching the .msc files from a server but they won't initialise in the MMC.
Have you done this and, more importantly, how?
powdarrmonkey (11th March 2008)
i ended up creating a tool myself thats like a mini active directory sort of thing. will list all users as they are in AD, and then give me the option of doing stuff like resetting passwords, disabling accounts and various other things.
i would say try it out but its not 100% working in some areas and as such i wouldn't want anyone to try it on their domain without full prior knowledge to that.
I looked at the adminpak before but I thought it was a per-machine installation?
it is, but it installs the underlieing features which you then use in mmc. once installed you can create a really good custom mmc which allows you to change passwords really easily. was detailed on here somewhere, i'll have a little look.
That's just it - we only have one permanent admin machine and spend a lot of time in the staff room where it would be good for us (and us only) to have the mscs somewhere useful. Any ideas?
Well so long as you use Folder Redirection, or some other administration tool to control available applications/shortcuts, then it shouldn't be a problem.
When you've installed both packs, they appear under the Administrative Tools folder, which by default domain users cannot see, but domain administrators should be able to.
@powdarmonkey: what features are you looking to be able to use? is it just resetting passwords?
having the admin tools pack installed should hopefully not be a security risk ( ie teachers wont be able to use it). once deployed onto a machine you can move mmcs around freely.in the same way once word (admin pak ) is installed on a machine you can open word documents (mmc's).
have a look at the following link http://www.edugeek.net/forums/showthread.php?t=14088
Why not have a seperate admin user each then RDP into the server as that, this will give you the accountability that you want but without the risk of having the admin pack on each station.
If it's just resetting passwords that you want i have a script that does it, i give teachers access to this as well so they can reset student passwords in class.
Deploying the pack around the admin machines shouldn't be a problem, that sounds a good compromise.
I don't really care about the accountability but it's the RDP into servers I'm trying to avoid. It's easier to manage multiple domains from one MMC.
Thanks for all your input
If I'm out and about and need to change a password I use good old NT User Manager which is stored in my home drive. Don't know why it still works but it does! Might be because our forest is showing as 2003 interim, our domain is pure 2003
There are currently 1 users browsing this thread. (0 members and 1 guests)