Ninja_Kid2002
Member
+119|6277|Floodsville, TN, (UK really)
Calling all knowledgeable people!

IT have restricted all our computers so that we don't have access to our CD drives. But one of my colleagues (after a lot of persuading, maybe even the odd BJ!) has managed to get hers put back on, and I caught a glimpse of what the guy was doing, but now I can't repeat it.

It looked like he was in either the registry or gpedit.msc, but I can't find anything in regedit that looks right and we seem to have gpedit restricted, but my colleague assures me that whatever he accessed wasn't restricted and he didn't have to put a password in.

Anyone got any ideas?
He selected something in the gpedit-type-program and changed it from 'Enabled' to 'Disabled' (or maybe the other way around)

I have a feeling that this is too little information, and there's probably a million ways they could have restricted it, but I figured someone on here might have an idea and cares enough about a little karma to suggest it.

Cheers folks
jsnipy
...
+3,276|6533|...

try start->run->mmc, go to file, "Add remove snapin", then add "Group Policy Object Editor"
pedigreeuk
I'm English, not British!
+113|6781|Rotherham, England
Not been disabled in device manager has it? just a first to check while I try and remember.
killer21
Because f*ck you that's why.
+400|6601|Reisterstown, MD

If it is a GPO issue, meaning, the guy from IT logged in as an admin or put your colleague in administrator group on her computer locally, then there is nothing you can really do.  If they used a GPO(Group Policy) then they shut down everything.  If you know someone in IT, ask them to put you in the admin group on your pc then you can change anything you want.  Other than that, not much you can do.  Most likely, they have disabled your regedit or group policy on your computer.

Edit: I fail at grammar apparently.

Last edited by killer21 (2008-05-12 07:19:24)

Ninja_Kid2002
Member
+119|6277|Floodsville, TN, (UK really)

jsnipy wrote:

try start->run->mmc, go to file, "Add remove snapin", then add "Group Policy Object Editor"
No start->run option on these PCs. Is there a way I can get to 'mmc' through 'My Computer'?

Have karma for your efforts.

pedigreeuk wrote:

Not been disabled in device manager has it? just a first to check while I try and remember.
Can't get to control panel to check device manager.

Have karma for your efforts

killer21 wrote:

If it is a GPO issue, meaning, the guy from IT logged in as an admin or put your colleague in administrator group on her computer locally, then there is nothing you can really do.  If they used a GPO(Group Policy) then they shut down everything.  If you know someone in IT, ask them to put you in the admin group on your pc then you can change anything you want.  Other than that, not much you can do.  Most likely, they have disabled your regedit or group policy on your computer.
He didn't log out at all, that's why I'm convinced I can do it myself. He even rang one of his colleagues to check and I heard him say "I'm still logged in as the user, that's right isn't it?" He never logged out after that and never even typed anything, he just used the mouse.

I still have access to the regedit, but I've searched it for anything with "CD-ROM" in it since that's all I could see on the screen, but no luck.

Have karma for your efforts

Last edited by Ninja_Kid2002 (2008-05-12 06:53:06)

killer21
Because f*ck you that's why.
+400|6601|Reisterstown, MD

Ninja_Kid2002 wrote:

No start->run option on these PCs. Is there a way I can get to 'mmc' through 'My Computer'?

Have karma for your efforts.
Damn, talk about being locked down...You probably don't even have a hard drive.  You most likely log into a server and in turn the server is in essence your desktop.  Therefore, you won't be able to change anything.  That is hardcore right there lol.
jsnipy
...
+3,276|6533|...

You can browse to mmc in C:\WINDOWS\system32\mmc.exe.

This shows you the group policy setting: http://www.windowsdevcenter.com/pub/a/w … olicy.html

Last edited by jsnipy (2008-05-12 06:56:16)

robcr9
Member
+111|5991
if you have access to the command console ...try and fiddle with that to open that stuff. if the console.
steelie34
pub hero!
+603|6391|the land of bourbon
trying to circumvent your company's efforts to lock down your systems is a great way to get fired.  just my two cents.  ask your IT person if you can use your CD player.  chances are they'll let you. 

if you don't care about being fired, then you have to find a way to get your user account into the local admin group on your machine.  from there you can easily remove gpo settings and do whatever you want.  fair warning: if any IT people check your system logs, they can tell if the network group policy is no longer being applied.  i won't go into detail about cracking group policy, because i don't want any AWMs.  google is your friend.

everyone else's suggestions are in the ballpark of what you need to do, but all of it is moot without local admin rights.  this is the most important thing to do before you can try anything else.

Last edited by steelie34 (2008-05-12 07:16:48)

ghettoperson
Member
+1,943|6659

They've probably just disabled it.

Go to My Computer. I assume you can still see some form of drive there. Right click > Properties > Hardware > Single click CD drive then hit properties. Then just change Device usage to enable.
steelie34
pub hero!
+603|6391|the land of bourbon

ghettoperson wrote:

They've probably just disabled it.

Go to My Computer. I assume you can still see some form of drive there. Right click > Properties > Hardware > Single click CD drive then hit properties. Then just change Device usage to enable.
if it's disabled through group policy, all of those particular settings will most likely be greyed-out.  he will need admin rights, block the group policy, and then he can change shit.
ghettoperson
Member
+1,943|6659

By the sound of it it isn't, as he'd at least have to Run As if he wanted to do it without logging out. I don't know, just an idea.
killer21
Because f*ck you that's why.
+400|6601|Reisterstown, MD

steelie34 wrote:

if it's disabled through group policy, all of those particular settings will most likely be greyed-out.  he will need admin rights, block the group policy, and then he can change shit.
Very true.  Without, at the minimum, local admin rights, he really can't do much.

ghettoperson wrote:

By the sound of it it isn't, as he'd at least have to Run As if he wanted to do it without logging out. I don't know, just an idea.
Even if he used shift+right click to do Run As, he will still need admin rights because he will just get the red x saying he doesn't have sufficient privileges.

Last edited by killer21 (2008-05-12 07:22:17)

steelie34
pub hero!
+603|6391|the land of bourbon
yes admin rights are key.  you should try asking first, you'd be surprised at how lenient an IT person might be.  if your colleague was able to get her cd drive, then i'm sure you can get the same. 

if you are absolutely hellbent on taking control of your pc without IT's knowledge, a good first step is cracking your local admin account.  change that password, and you will have admin rights on your machine. 

that is all i'm saying about that...
ghettoperson
Member
+1,943|6659

Yeah I know, hence why I'm confused that the IT guy managed it without any credentials.
killer21
Because f*ck you that's why.
+400|6601|Reisterstown, MD

steelie34 wrote:

if you are absolutely hellbent on taking control of your pc without IT's knowledge, a good first step is cracking your local admin account.  change that password, and you will have admin rights on your machine. 

that is all i'm saying about that...
Event log will catch that.  That is a good way to get fired.  I catch people doing that all the time (I'm a SysAd at Lockheed Martin).  I don't have a problem letting someone have admin rights to their pc as long as they don't do anything stupid...after all, if they screw something up, it's only their machine affected.

Edit;  I guess I should reread my post before posting....

Last edited by killer21 (2008-05-12 07:50:21)

ghettoperson
Member
+1,943|6659

killer21 wrote:

steelie34 wrote:

if you are absolutely hellbent on taking control of your pc without IT's knowledge, a good first step is cracking your local admin account.  change that password, and you will have admin rights on your machine. 

that is all i'm saying about that...
Event log will catch that.  That is a good way to get fired.  I catch people doing that all the time (I'm a SysAd at Lockheed Martin).  I don't have a problem letting someone have admin rights to their pc as long as they don't do anything stupid...after all, if they screw something up, it's only their machine affected.
Do you get people fired at your work for doing that, or just cautioned?
killer21
Because f*ck you that's why.
+400|6601|Reisterstown, MD

ghettoperson wrote:

Do you get people fired at your work for doing that, or just cautioned?
I, personally try not to get people fired.  If I happen to see the event log, I'll remote into the person's pc and see what they are doing.  Sometimes, I will pull up notepad and send a message to them to be careful about their activity.  I know of other Sys Admins who will get people in trouble from doing stuff like that or people who download games and stuff.  I wouldn't do that.  I just give warnings.
steelie34
pub hero!
+603|6391|the land of bourbon

killer21 wrote:

steelie34 wrote:

if you are absolutely hellbent on taking control of your pc without IT's knowledge, a good first step is cracking your local admin account.  change that password, and you will have admin rights on your machine. 

that is all i'm saying about that...
Event log will catch that.  That is a good way to get fired.  I catch people doing that all the time (I'm a SysAd at Lockheed Martin).  I don't have a problem letting someone have admin rights to their pc as long as they don't do anything stupid...after all, if they screw something up, it's only their machine affected.

Edit;  I guess I should reread my post before posting....
agreed.  anything done without IT's knowledge is a case for termination.  of course they don't fire everyone who mucks around with their system, but it gives your business a reason if they ever needed one.

ok that was my disclaimer.  your next step after cracking your admin account would be to delete the security log of the system.  it sounds like killer's network keeps detailed security logs of successful and failed security events, so a password change on the admin account will be logged.  unless they store these logs on a separate server (most companies allow them to stay on the local machine) you can remove the logs and hope it will go unnoticed.

i do not condone any of this, i'm just posting to contribute to the knowledge base.

Last edited by steelie34 (2008-05-12 08:06:20)
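Added example, not part of any post in this thread: the admin-side view of what killer21 and steelie34 describe, as a PowerShell triage function that flags account password resets, local group additions and Security log clears per host, and escalates a clear that follows an account change. The event IDs are the Windows Vista-and-later Security log IDs; the function name, host names and sample events are constructed, and the commented live call assumes events are forwarded to a collector's ForwardedEvents log.

```powershell
# Added example. Security event IDs on Windows Vista and later:
#   4724 = password reset attempted on an account
#   4732 = member added to a security-enabled local group
#   1102 = Security audit log cleared
function Find-LocalAdminTampering {
    param(
        # Records with MachineName, Id, TimeCreated, Message (the shape Get-WinEvent returns)
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $WindowMinutes = 60
    )
    $watched  = @{ 4724 = 'PasswordReset'; 4732 = 'LocalGroupAdd'; 1102 = 'LogCleared' }
    $relevant = @($Events | Where-Object { $watched.ContainsKey([int]$_.Id) })
    foreach ($hostGroup in ($relevant | Group-Object MachineName)) {
        $sorted = @($hostGroup.Group | Sort-Object TimeCreated)
        foreach ($e in $sorted) {
            $kind     = $watched[[int]$e.Id]
            $severity = 'Review'
            if ($kind -eq 'LogCleared') {
                # A clear shortly after an account or group change looks like clean-up
                $prior = @($sorted | Where-Object {
                    [int]$_.Id -ne 1102 -and $_.TimeCreated -le $e.TimeCreated -and
                    ($e.TimeCreated - $_.TimeCreated).TotalMinutes -le $WindowMinutes
                })
                if ($prior.Count -gt 0) { $severity = 'Escalate' }
            }
            [pscustomobject]@{
                Computer = $hostGroup.Name; Time = $e.TimeCreated
                Kind = $kind; Severity = $severity; Message = $e.Message
            }
        }
    }
}

# Constructed sample standing in for events already forwarded to a collector.
$t0 = [datetime]'2008-05-12T09:00:00'
$sample = @(
    [pscustomobject]@{ MachineName='WS-014'; Id=4724; TimeCreated=$t0;                Message='Reset: WS-014\Administrator' }
    [pscustomobject]@{ MachineName='WS-014'; Id=4732; TimeCreated=$t0.AddMinutes(2);  Message='Added to Administrators' }
    [pscustomobject]@{ MachineName='WS-014'; Id=1102; TimeCreated=$t0.AddMinutes(5);  Message='Audit log cleared' }
    [pscustomobject]@{ MachineName='WS-020'; Id=1102; TimeCreated=$t0.AddMinutes(30); Message='Audit log cleared' }
    [pscustomobject]@{ MachineName='WS-020'; Id=4624; TimeCreated=$t0.AddMinutes(31); Message='Logon' }
)
Find-LocalAdminTampering -Events $sample | Format-Table Computer, Time, Kind, Severity -AutoSize

# Live use on a collector (run elevated; assumes forwarding into ForwardedEvents):
# Find-LocalAdminTampering -Events (Get-WinEvent -FilterHashtable @{ LogName='ForwardedEvents'; Id=4724,4732,1102 })
```

Because the correlation runs over the forwarded copies, the reset and group-add records remain available even when the workstation's own Security log has been emptied.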

B00MH3ADSH0T
Fresh NoobCaeks Here
+118|6401|Penrith,Nsw, Aus

killer21 wrote:

ghettoperson wrote:

Do you get people fired at your work for doing that, or just cautioned?
I, personally try not to get people fired.  If I happen to see the event log, I'll remote into the person's pc and see what they are doing.  Sometimes, I will pull up notepad and send a message to them to be careful about their activity.  I know of other Sys Admins who will get people in trouble from doing stuff like that or people who download games and stuff.  I wouldn't do that.  I just give warnings.
Lol opening up a notepad on their pc and saying no looking at prons at work. Or "i am behind you"
killer21
Because f*ck you that's why.
+400|6601|Reisterstown, MD

steelie34 wrote:

agreed.  anything done without IT's knowledge is a case for termination.  of course they don't fire everyone who mucks around with their system, but it gives your business a reason if they ever needed one.

ok that was my disclaimer.  your next step after cracking your admin account would be to delete the security log of the system.  it sounds like killer's network keeps detailed security logs of successful and failed security events, so a password change on the admin account will be logged.  unless they store these logs on a separate server (most companies allow them to stay on the local machine) you can remove the logs and hope it will go unnoticed.

i do not condone any of this, i'm just posting to contribute to the knowledge base.
Very detailed.  There are ways around getting stuff logged but I don't want to get the banhammer here so I'll just say that it can be done.  However, there is risk to anything you do so....And yes, logs are on local machines but the users do not have access to them.

B00MH3ADSH0T wrote:

Lol opening up a notepad on their pc and saying no looking at prons at work. Or "i am behind you"
lol yea.  It is quite funny to me to remote into someone's pc and they are doing something they shouldn't be doing, e.g. downloading a flash game and me bring up notepad and type something....They freak and quickly close notepad and the game.  Makes me laugh every time.  I aer in your pc all teh time!

Last edited by killer21 (2008-05-12 08:38:25)

mikkel
Member
+383|6611

killer21 wrote:

B00MH3ADSH0T wrote:

Lol opening up a notepad on their pc and saying no looking at prons at work. Or "i am behind you"
lol yea.  It is quite funny to me to remote into someone's pc and they are doing something they shouldn't be doing, e.g. downloading a flash game and me bring up notepad and type something....They freak and quickly close notepad and the game.  Makes me laugh every time.  I aer in your pc all teh time!
Sounds pretty Orwellian, to be honest.
Ninja_Kid2002
Member
+119|6277|Floodsville, TN, (UK really)

steelie34 wrote:

trying to circumvent your company's efforts to lock down your systems is a great way to get fired.  just my two cents.  ask your IT person if you can use your CD player.  chances are they'll let you. 

if you don't care about being fired, then you have to find a way to get your user account into the local admin group on your machine.  from there you can easily remove gpo settings and do whatever you want.  fair warning: if any IT people check your system logs, they can tell if the network group policy is no longer being applied.  i won't go into detail about cracking group policy, because i don't want any AWMs.  google is your friend.

everyone else's suggestions are in the ballpark of what you need to do, but all of it is moot without local admin rights.  this is the most important thing to do before you can try anything else.
Fortunately the IT guys in this place aren't very good. I'm not supposed to have internet access, but here I am. Just a quick diddle in the regedit, change the LAN settings to use a proxy server and I have internet!
I used to be able to enable the USB drives, but then they restricted gpedit.msc.

I can now get into device manager, where I can see that the CD-ROM drive has a yellow warning sign by it, suggesting that it has improperly installed drivers. however the driver is the most up-to-date, it is enabled, but says:

Device Manager wrote:

A driver (service) for this device has been disabled.  An alternate driver may be providing this functionality. (Code 32)

Click Troubleshoot to start the troubleshooter for this device.
Like I mentioned before, I'm 99% sure he didn't type anything to log in as an admin and could change it from a normal user's account
steelie34
pub hero!
+603|6391|the land of bourbon

Ninja_Kid2002 wrote:

steelie34 wrote:

trying to circumvent your company's efforts to lock down your systems is a great way to get fired.  just my two cents.  ask your IT person if you can use your CD player.  chances are they'll let you. 

if you don't care about being fired, then you have to find a way to get your user account into the local admin group on your machine.  from there you can easily remove gpo settings and do whatever you want.  fair warning: if any IT people check your system logs, they can tell if the network group policy is no longer being applied.  i won't go into detail about cracking group policy, because i don't want any AWMs.  google is your friend.

everyone else's suggestions are in the ballpark of what you need to do, but all of it is moot without local admin rights.  this is the most important thing to do before you can try anything else.
Fortunately the IT guys in this place aren't very good. I'm not supposed to have internet access, but here I am. Just a quick diddle in the regedit, change the LAN settings to use a proxy server and I have internet!
I used to be able to enable the USB drives, but then they restricted gpedit.msc.

I can now get into device manager, where I can see that the CD-ROM drive has a yellow warning sign by it, suggesting that it has improperly installed drivers. however the driver is the most up-to-date, it is enabled, but says:

Device Manager wrote:

A driver (service) for this device has been disabled.  An alternate driver may be providing this functionality. (Code 32)

Click Troubleshoot to start the troubleshooter for this device.
Like I mentioned before, I'm 99% sure he didn't type anything to log in as an admin and could change it from a normal user's account
on the driver tab where it says it's disabled, what file is it trying to use?  it should be something with a .sys extension.  tell me that, and i'll tell what service you need to enable

a little research indicates that it's most likely cdrom.sys

go to this key in the registry: HKLM\SYSTEM\CurrentControlSet\Services\cdrom

on the right side of the window, make sure the key listed as "start" is set to 1.

Last edited by steelie34 (2008-05-12 09:34:44)
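Added example, not part of any post in this thread: from the administrator's side, the Start value named above is a setting to baseline, together with the list of accounts allowed to write the key. The function name, the trusted-principal list, the expected value 4 (Disabled, consistent with the Code 32 message) and the sample ACL entries are assumptions constructed for illustration.

```powershell
# Added example. Service Start values: 0 Boot, 1 System, 2 Automatic, 3 Manual, 4 Disabled.
function Test-ServiceLockdown {
    param(
        [Parameter(Mandatory)] [string] $Service,
        [Parameter(Mandatory)] [int] $ExpectedStart,
        [Nullable[int]] $ActualStart,   # omit to read the live registry
        [object[]] $AccessRules,        # omit to read the live key ACL
        # Assumption: only these principals should be able to write the key
        [string[]] $Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                                'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')
    )
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Service"
    if ($null -eq $ActualStart) { $ActualStart = (Get-ItemProperty -Path $key -Name Start).Start }
    if (-not $AccessRules)      { $AccessRules = @((Get-Acl -Path $key).Access) }

    # SetValue (0x2) is contained in WriteKey and FullControl; raw GENERIC_WRITE and
    # GENERIC_ALL bits can also appear on registry ACEs and grant the same access.
    $writeMask = 0x2 -bor 0x40000000 -bor 0x10000000
    $writers = @($AccessRules | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        ([int]$_.RegistryRights -band $writeMask) -ne 0 -and
        $Trusted -notcontains "$($_.IdentityReference)"
    } | ForEach-Object { "$($_.IdentityReference)" } | Sort-Object -Unique)

    [pscustomobject]@{
        Service          = $Service
        ExpectedStart    = $ExpectedStart
        ActualStart      = $ActualStart
        StartDrifted     = ($ActualStart -ne $ExpectedStart)
        UntrustedWriters = $writers
    }
}

# Constructed input: a workstation where the value was changed and the key ACL is too loose.
$rules = @(
    [pscustomobject]@{ IdentityReference='BUILTIN\Administrators'; AccessControlType='Allow'; RegistryRights=0xF003F }
    [pscustomobject]@{ IdentityReference='BUILTIN\Users';          AccessControlType='Allow'; RegistryRights=0x20019 }
    [pscustomobject]@{ IdentityReference='BUILTIN\Power Users';    AccessControlType='Allow'; RegistryRights=0x2001F }
)
Test-ServiceLockdown -Service cdrom -ExpectedStart 4 -ActualStart 1 -AccessRules $rules

# Live check on a Windows host: Test-ServiceLockdown -Service cdrom -ExpectedStart 4
```

With the constructed input the result reports `StartDrifted` as true and lists `BUILTIN\Power Users` as an untrusted writer, since 0x2001F includes the SetValue right while 0x20019 is read-only.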
