WildOptic Posted August 4, 2004 Share Posted August 4, 2004 Currently at work we are switching to Server 2003. We have a HUGE network and are currently looking into using the helpassistant account to remotely tech support the rollover to exchange/outlook/server2003. However, to keep things secure we would like to delete the current helpassistant account and recreate it with a new password. When this is done we get the error program cannot start when trying to open a remote connection. Any ideas or anyone that has experience with this issue? Link to comment Share on other sites More sharing options...
Curv Boll Posted August 4, 2004 Share Posted August 4, 2004 Help assistant account??Not sure of this account, if you are using remote assistance which remainsas slow as a week in jail then there are several ways to do this.1. If the user on your network requires assistance from a remote expertthen the user can request help and as long as your network firewall has port3389 open the expert should be able to accept the invitation to help with nothing further required.2. The expert can can initiate the help session himself without an invitation as long as the default group policy on the domian controller has his account in "allow remote assistance" under administrative templates.Remember that you must enable remote assistance on win 2003 by going to system properties > remote tab.A much wiser and faster type of remote connection would be remote desktop!Which is also enabled on the remote tab.However with remote desktop you must add the remote expert account to the "remote desktop users" group. Administrators have this logon right by default.Good luckCB Link to comment Share on other sites More sharing options...
WildOptic Posted August 4, 2004 Author Share Posted August 4, 2004 The issue again focuses on how to repair the helpassistant account if it has been deleted or the password has been changed. Link to comment Share on other sites More sharing options...
Curv Boll Posted August 4, 2004 Share Posted August 4, 2004 ok,i must be missing something here,you are changing over to 2003 server with your own mail server,this will obviously be done in house ??once you have 2003 server setup you will find that all remote connectionsare disabled by default, you can enable remote desktop or remote assistant.There is no default help assistant account in 2003.once enabling remote desktop admin on the server are automatically given the remote desktop permission. You can add more users to have this right by adding them to the group.You can also remove them from that group just as easily.With remote assitant, there are no rights required for remote experts as the invitation is sent from the network to them which automatically includes the the right to connect.You can alter that by adding the remote expert to the allow remote assistant permission so that they can initiate the connection.My question is, where does this help assistant account come into play as its not on 2003.CB Link to comment Share on other sites More sharing options...
WildOptic Posted August 4, 2004 Author Share Posted August 4, 2004 Sorry for the confusion. This account is on XP machines that we may come across with 1. helpassistant account non-existent or 2. with a changed password. Link to comment Share on other sites More sharing options...
WildOptic Posted August 4, 2004 Author Share Posted August 4, 2004 Seems that running sessmrg -service in safe mode repairs the helpassistant accounts and was albe to solve the issue "program could not start". This also allowed remote assistant connections work properly so long has "NT Authority\Interactive" account was in the users group.(normally isnt with our setup/a script will fix that).Now the trick is there anyway to create a script to force xp to boot into safe mode so we can get the user to run sessmgr - service in safe mode then reboot normally to be able to allow remote connections again. Thanks for the great input curv boll.(made us thing about testing the nt authority\interactive account) Thanks, WildOptic Link to comment Share on other sites More sharing options...
Curv Boll Posted August 5, 2004 Share Posted August 5, 2004 Hi WildOptic,Glad to see your getting towards the goal,sadly though i personally don't think a script / batch filecould boot you into safe mode as a user normally reaches safe mode before the system has reached the stage where it executes system scripts.The other problem is that there is no way to hold script info in the memory bufferwhilst the machine reboots. This means that executing a script to reboot andenter into safe mode is not possible to my knowledge.Perhaps some1 else knows of a way,can i ask why you want to do this? Perhaps there is another waycheersCB Link to comment Share on other sites More sharing options...
WildOptic Posted August 5, 2004 Author Share Posted August 5, 2004 The reason we would like to do this is becuase we have a unknown number of machines that may have this issue and it would just be time saving while on the phone for users that just cant hit F8 in time. We have found a way to edit the boot.ini via script to boot into safe mode on next boot. It easy to push the script into the pc over the network. However the next issue is we realized the the only way to log into safe mode is with the admin account. The users on our networks wont be able to log in as there is no local admin account for anyone other than networking and techs. We tried running the repair in safemode with networking however, this doesn't repair the issue properly. We are talking over 5000+ machines with an unknown number with this issue. We are trying to keep from forcing the need to physically bring in the machine for us to trouble shoot and issues with users switching to exchange(only option available) after the server change from NT to Server 2003. Its a fun time needless to say has a number of users rush out to make sure they have W2000 or XP in order to be able to connect and get upset that they must switch to exchange for email instead of dos based pine, netscape(yes some have that still), and old versions of outlook. Well another day and I'm off to work to brainstorm some more. WildOptic Link to comment Share on other sites More sharing options...
Curv Boll Posted August 5, 2004 Share Posted August 5, 2004 Quite a situation you got there,i have a friend who had hundreds of computers across several sites.they did not have norton ghost so they could not PUSH an image to fix the remoteclients.Instead they created 2 partitions on each client, they created an image of the clientand stored it on the second partition.then whenver users called up with a problem on the system partition thatthey could not fix, remote admin would connect to the faulty system and edite the autoexec file to boot to the alternate partition. All the user then had to do was reboot the machine and they were working again.This gave admin time to allow for them to visit each location and repair the system partitions with problems.I know the above is far from your situation but i remember thinking this was a great idea for admin covering several locations and time ebing an issue.it may or may not be of any use to you,good luck all the same.CB Link to comment Share on other sites More sharing options...
WildOptic Posted August 5, 2004 Author Share Posted August 5, 2004 Wow...no ghost! Well, for LAB computers we have a hardware then runs an image of a master drive on boot. So if theres an issue just reboot. Of course you can't save anything on the system but its only a lab pc so its ok. However, we might have found a way to get the fix running in safe mode with networking. I will update after more testing here this morning. WildOptic. Link to comment Share on other sites More sharing options...
WildOptic Posted August 5, 2004 Author Share Posted August 5, 2004 Ok seems we have found a way automate safe mode with networking on boot and have the user type in the run command for the fix. From that point on all is well. Thanks curv boll for the great input. The switch from NT to server 2003 just got easier for us all! Link to comment Share on other sites More sharing options...
Curv Boll Posted August 5, 2004 Share Posted August 5, 2004 Hi WildOptic,I am not sure i helped at all but glad to see you guys have worked up aclever solution to your problem.Thanks for letting me know, makes the conversation worth it.depending on how good your users are you might think aboutrunning that command in safe mode by means of the user running it as a batch file.(like i say, all depends on your type of user and the complexity of the command)CB Link to comment Share on other sites More sharing options...
WildOptic Posted August 5, 2004 Author Share Posted August 5, 2004 Yes we already have the batch file setup to run in safe mode. So far all test have worked fine. And we have even got the chance to try it with a user today. Link to comment Share on other sites More sharing options...
Curv Boll Posted August 6, 2004 Share Posted August 6, 2004 Nice,good luck with your plansCB Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now