We dont have any installation of Active Directory and Workgroup etc. We have deployed SDP with agents. Since the environment does not have an Active Directory installation, any updates to the agents is not possible without physical visit to the client. Also any installation of fonts etc is not currently possible without a physical visit.

All the users in our environment are mainly using the account with Administrative privileges to login locally and use the PCs (either built in administrator account or a separate administrator privilege account). They are also allowed to change the password of their Administrator accounts being used by them. In view of this fact it is felt that this main administrator account cannot be reliably used for accessing the PCs remotely from the Helpdesk software or to deploy the fonts, patches etc as elaborated above. Hence it is proposed to create another hidden administrator account with a common name and password across all the PCs, which will then be used to access the PCs remotely by the helpdesk software remote control etc. To avoid confusion among the users the account used for our purpose shall be kept hidden.

Deploying Active Directory would basically require to instil some IT discipline among the users and management capabilities which may not be feasible in the current scenario immediately. Till then we have to plan and fulfil the below mentioned objectives without an Active Directory.

1. Implementing the Remote Control of the Helpdesk Software Agent. We also need to remotely update the versions of the agent as and when released, without physical visit to the PCs etc.

2. Implementing the Fonts and general Software Deployment solution.

3. Implementing the Windows Update/ Patch Management solution through WSUS or otherwise.

4. Is there any free third party tool which can help achieve the objectives.

5. Is it possible to get a batch file or script which would automate the task of hiding one account with administrative privileges on a large numbver of computers so that it does not appear on the logon screen. However it should be possible to remotely login to the computer using the same login account and push patches and updates.

6. It is worth noting that out of a large number of computers, some have Windows XP, some have Vista, while others have Windows 7 loaded on them. So the batch file or script proposed should be able to work on all the three operating systems. If separate batch files/ script are required for different operating systems then all the scripts / batch files may be advised.

In this regard and above requirements, kindly advise on the feasibility and suitability of the following:

1. Is it recommended to create hidden user Account with Administrative privileges on each of the 1500 PCs. The user account name and password shall be same/common to all the 1500 PCs. However the user account should not be visible on the logon screen of Windows.

2. Use the common Administrative privileges account to push patches and use Windows Update/ WSUS etc or to push any other software update, fonts, agent update etc.

3. Is there any free third party tool which can help achieve the objectives.

4. Is it possible to get a batch file or script which would automate the task of hiding one account with administrative privileges on a large numbver of computers so that it does not appear on the logon screen. However it should be possible to remotely login to the computer using the same login account and push patches and updates.

5. Is there any other alernative method or solution available to achieve the above objectives.

I would request for suggestions on implementing the above, till the AD environment is put in place.