Support
Authorization

Newsletter

  Settings

Configure Windows NT Security Permissions via command line?

 

Forums list
Topics list
New topics
Search
Rules
Help
Login: 
Register

Pages: 1
  Views: 9149Topic:: «Configure Windows NT Security Permissions via command line?» on forum: Radmin 3.x Troubleshooting
#1
Is there a way to manipulate the Permissions list for Windows NT Security? For example to use a script to permission a local group to have full control - without manully configuring it through Radmin Server Settings?
Profile
#2
Hello,

You can create .msi file then mass deploy it via politics or via our special utility.
Profile
#3
Hi Eugene - yes we have customized the installer, but I'm asking whether if it's possible to manipulate the permissions list after Radmin server is installed, without doing it manually on each PC.
Profile
#4
You can add this group in the list then deploy registry key to other PCs.
Profile
#5
Hi Eugene, I tried running procmon to see what regkey rserver3.exe is modifying when I change the permission list, but I could not find anything obvious. Can you specify which regkey value/data I need to capture?
Profile
#6
Hello,

I suppose
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Radmin\v3.0\Server\Parameters\NtUsers

(this is from my 64bit machine, you will have slightly different path if you use 32bit OS).
Profile
#7
Thank you - I could've sworn I checked this key and couldn't see this key was changed after changing the permissioning.

I guess since we're using local groups for permissioning, and each local group is a different SID for machines, I'll just have to backup regkey per machine prior to upgrade, and merge it back in afterwards.

Thank you again!
Profile
#8
As the initial thread stated, I too am looking to

"...manipulate the Permissions list for Windows NT Security? For example to use a script to permission a local group to have full control - without manully configuring it through Radmin Server Settings?"

But I need to add a list of users and not a group. Here is what I have tried with no success.

- Added the users to Radmin NtUsers manually. Then exported that reg key. Then imported it on another machine. It didn't work.

Is this doable?

It looks like the machine name is being appended to the user name?

The data in the regkey looks like this...

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\NtUsers]
"1"=hex:24,00,00,00,00,00,00,00,1f,00,00,00,01,05,00,00,00,00,00,05,15,00,00,\
00,6c,ca,cb,3b,95,37,78,d1,2a,95,7b,c0,f0,03,00,00,24,00,00,00,00,00,00,00,\
1f,00,00,00,01,05,00,00,00,00,00,05,15,00,00,00,6c,ca,cb,3b,95,37,78,d1,2a,\
95,7b,c0,f4,01,00,00,24,00,00,00,00,00,00,00,1f,00,00,00,01,05,00,00,00,00,\
00,05,15,00,00,00,6c,ca,cb,3b,95,37,78,d1,2a,95,7b,c0,ee,03,00,00,24,00,00,\
00,00,00,00,00,1f,00,00,00,01,05,00,00,00,00,00,05,15,00,00,00,6c,ca,cb,3b,\
95,37,78,d1,2a,95,7b,c0,f3,03,00,00,24,00,00,00,00,00,00,00,1f,00,00,00,01,\
05,00,00,00,00,00,05,15,00,00,00,6c,ca,cb,3b,95,37,78,d1,2a,95,7b,c0,f5,01,\
00,00,24,00,00,00,00,00,00,00,1f,00,00,00,01,05,00,00,00,00,00,05,15,00,00,\
00,6c,ca,cb,3b,95,37,78,d1,2a,95,7b,c0,f1,03,00,00,24,00,00,00,00,00,00,00,\
1f,00,00,00,01,05,00,00,00,00,00,05,15,00,00,00,6c,ca,cb,3b,95,37,78,d1,2a,\
95,7b,c0,f2,03,00,00



Any help with figuring this out would be greatly appreciated.

Doug
Profile
#9
Local users will have different SIDs, better to add/remove users to group via AD.
Profile
#10
But one of the issues I am having is that we are not on AD and can't be. Like my post says, I NEED to be able to add a list of users and NOT a group.

So what you are saying is that it is not possible to add a list of users programmaticly? Or is it doable but just hard? If you have any ideas I would be open to trying them.

Thanks!
Profile
#11
You can add them via Radmin security and coping registry key, however Windows NT local users have different SIDs.
Profile
#12
Right, that's exactly what I tried doing. But that won't work due to the different SIDs right? Anyway around this issue?
Profile
#13
Either use Radmin authentication or use script such as AutoIt which will add appropriate users via mouse clicks on each PC.
Profile
#14
Great advice! I did not think of using something like AutoIT, I will look into it.

Also, I had another thought. The majority of my systems were imaged from one master Windows image. I wonder if they are enough alike that the SID would be the same. Something I will test. But AutoIT looks like the way to go.

Thanks for your excellent help.
Profile
#15
Hello! I have a question about this.
All the AD groups that I add to access added to a single registry key
Code
HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server\Parameters\NtUsers\1


That is, when I need to add another AD group to access, I need to overwrite that registry key with a new set of groups, rather than add another registry key, such as 2, which would be added by the new group.

Is there any way to add security groups to the registry key without overwriting
Code
HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server\Parameters\NtUsers\1
registry key?

In version 2 I can add a security group in [HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Users] without overwriting any items. Can I do something like that in 3 version?
Profile
#16
Well I am unsure actually, but it looks like for now it is a single registry key. However you can make an experiment: add AD group to Radmin, export key, remove AD group, repeat with another one, restore first key (so you have 2 keys) and check what happens )
Profile
#17
I've tried to do so. Got a key 1 which was a key group one and 2 in which there was another group. I opened the Radmin Settings - there was only the first group. 2 key was ignored.
Profile
#18
Then it doesn't work such way. I've added your wish to our wishlist.
Profile
#19
Good! But in anticipation of the new version, I decided to proceed as follows.
In the setting of Radmin Server only add the local administrators group.
And when I need to provide access to some domain security group via Radmin, just add to the local administrators.
However, this method provides the extra administrative privileges to those who only permitted to be granted the right to connect to computer via Radmin.
And I hope You are correct the method of storing NT security settings in System Registry in new version of Radmin Server...
Profile
#20
Hmm, what if you create a new AD group without rights then add it to Radmin?
Profile
Pages: 1

Users browsing this topic
Number of guests: 1, registered members: 0, in total hidden: 0

Radmin 3.5

Windows 8 Compatible

DOWNLOAD

Free for 30 days

BUY NOW

Only $49 per lifetime license
for  50 PCs - $29.8 per remote PC
for 100 PCs - $24.9 per remote PC
for 150 PCs - $23.3 per remote PC
from 200 PCs - $22 per remote PC
Follow us on Twitter
Famatech Corporation Copyright © 1999-2014 Famatech. All rights reserved.