Calling All You Win2k Gurus / Hackers

Spooner

Lifer
Jan 16, 2000
12,025
1
76
I'm looking to see if it's possible to install something using Windows 2000 without having Administrator Access to the local machine.

there has to be a way. Let's use the simple program AIM as an example.
 

Czar

Lifer
Oct 9, 1999
28,510
0
0
install it on another computer where you can install it, copy onto floppy or write to cd the installed program and see if it works on the other computer
 

iamwiz82

Lifer
Jan 10, 2001
30,772
13
81
Originally posted by: Czar
install it on another computer where you can install it, copy onto floppy or write to cd the installed program and see if it works on the other computer

i think AIM add to the registry, he wont be able to do that. If he copies it, i dont think it will work because those reg. keys arent there.
 

geekender

Platinum Member
Apr 26, 2001
2,414
0
0
It depends on your restrictions to the local machine. What groups is your account a member of? Also, are there restrictions?(no access to run, control panel, regedit?)
 

Turin39789

Lifer
Nov 21, 2000
12,218
8
81
its possible the program will create the keys on it's first run, but of course without the rights to do so, the program will not be able to. Can't you just run AIMEXPRESS, the java aim available on aol.com? At my last job in a large win2k environment we spent a lot of time tracking down the individual registry keys that were screwing up programs, rights were one of the biggest problems we had. When we installed a program across the board with admin rights, sometimes the users couldnt run it. We would occasionally resort to installing with basic user rights, but giving the basic user the rights over the troublesome registry entries.
 

Spooner

Lifer
Jan 16, 2000
12,025
1
76
Originally posted by: Turin39789
its possible the program will create the keys on it's first run, but of course without the rights to do so, the program will not be able to. Can't you just run AIMEXPRESS, the java aim available on aol.com? At my last job in a large win2k environment we spent a lot of time tracking down the individual registry keys that were screwing up programs, rights were one of the biggest problems we had. When we installed a program across the board with admin rights, sometimes the users couldnt run it. We would occasionally resort to installing with basic user rights, but giving the basic user the rights over the troublesome registry entries.
well, this isn't for me as i have full access to my machine.

anyway, AIM was just an example (although she does want to install that too ;) ) but there are some other things as well
 

Saltin

Platinum Member
Jul 21, 2001
2,175
0
0
What a beautiful sight.
Users helping users.

Tell your friend to get back to work. She can install what she likes at home.... you know.... on her own machine.

If your friend is unable to install apps, that's the way the admins wants it. My magic eight-ball says she wont be able to get it done...especially if she has to post here for help on it.
 

Spooner

Lifer
Jan 16, 2000
12,025
1
76
Originally posted by: Saltin
What a beautiful sight.
Users helping users.

Tell your friend to get back to work. She can install what she likes at home.... you know.... on her own machine.

If your friend is unable to install apps, that's the way the admins wants it. My magic eight-ball says she wont be able to get it done...especially if she has to post here for help on it.
well, aren't you a boat load of useful information?

:|
 

Saltin

Platinum Member
Jul 21, 2001
2,175
0
0
well, aren't you a boat load of useful information

I am in fact, but not when it comes to stuff like this. Call it my pet peeve....
Most of the guys who know thier 2k inside out here are Sys Admins. Why would I help you with something that causes my peers grief?
 

Thor86

Diamond Member
May 3, 2001
7,886
7
81
Originally posted by: Saltin
well, aren't you a boat load of useful information

I am in fact, but not when it comes to stuff like this. Call it my pet peeve....
Most of the guys who know thier 2k inside out here are Sys Admins. Why would I help you with something that causes my peers grief?

Couldn't have said it better. TY!!

For those that don't know, or never visited this site.....
This Friday is Sys Admin Day!
Link

Read some of the links, hilarious stuff.
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
Most of the guys who know thier 2k inside out here are Sys Admins. Why would I help you with something that causes my peers grief?

Amen my brother! :)
 

SwampsterFL

Member
Oct 30, 2001
171
0
0
Spooner,

I make my living acting as the "systems administrator" for various companies in central Florida that are too small to have their own in-house department to handle this.

By far and away, my biggest money maker is an unqualified user doing exactly what you are trying to do. The best and safest advice I can give you in this tight job market is to ask the person responsible for administrating your system to install it for you. If company policy does not allow him/her to do this, then accept the fact that you are working on a piece of equipment that doesn't belong to you, and abusing it IS grounds for removal in most companies.

Last week, I spent 10 hours mopping up the damage from someone who did exactly what you are trying to do. The only saving grace for them was that the user (at a remote site) didn't try to contact the main server in the home office or she would have trashed the entire network.

Needless to say, when they got my bill, she got the ax.
 

iamwiz82

Lifer
Jan 10, 2001
30,772
13
81
Originally posted by: SwampsterFL
Spooner,

I make my living acting as the "systems administrator" for various companies in central Florida that are too small to have their own in-house department to handle this.

By far and away, my biggest money maker is an unqualified user doing exactly what you are trying to do. The best and safest advice I can give you in this tight job market is to ask the person responsible for administrating your system to install it for you. If company policy does not allow him/her to do this, then accept the fact that you are working on a piece of equipment that doesn't belong to you, and abusing it IS grounds for removal in most companies.

Last week, I spent 10 hours mopping up the damage from someone who did exactly what you are trying to do. The only saving grace for them was that the user (at a remote site) didn't try to contact the main server in the home office or she would have trashed the entire network.

Needless to say, when they got my bill, she got the ax.

Wow, you obviously dont run a very tight ship yourself. I work for a medium sized business and can say that no user could install anything that could damage the OS or PC itself. It is locked down tight enough that they cannot install adobe acrobat reader without me
:). I'd LOVE to know how she trashed her PC and would have trashed a network? Are you not running anti virus software?

I hate these holier than thou people :disgust:
 

bsobel

Moderator Emeritus<br>Elite Member
Dec 9, 2001
13,346
0
0
Most of the guys who know thier 2k inside out here are Sys Admins. Why would I help you with something that causes my peers grief?

Not to mention participating in a crime (yes Spooner, this is a crime that your friend could be prosecuted for if her company doesn't have a good sense of humor). Whats likely to get her prosecuted? Taking the AIM example if she where (not intentionally) to cause her machine and thereby her company to get infected by something she received via AIM (either downloaded, or remember the AIM exploits?).

I'm looking to see if it's possible to install something using Windows 2000 without having Administrator Access to the local machine.

I will answer this tho. It's entirely possible to install something without admin access. The issue isn't as much around being 'admin' as having the proper registry and file system rights. Those rights will vary depending on how the machine is controlled. So your real question is, can I circumvent those controls? Short answer, no. Long answer, since you have phyiscal control of the box there are long and complicated things you might do. Most would definately result in termination, if not the above mentioned prosecution.

Bill


 

Saltin

Platinum Member
Jul 21, 2001
2,175
0
0
Wow, you obviously dont run a very tight ship yourself. I work for a medium sized business and can say that no user could install anything that could damage the OS or PC itself. It is locked down tight enough that they cannot install adobe acrobat reader without me

Policy (in a proper organization) should never be set by IT. They should be consulted regarding opinions and thoughts, but the final say is invariably with management.
I've worked in places where everyone is locked down, and I've worked in places where they arent.

The place I admin now is a software house. The developers REQUIRE local admin rights to do thier job/testing. There are no two ways about that. Do I like it? NO! Do I live with it? Yes. Thankfully they arent "joe user". If your users are "joe user" then lock them down. That doesnt give you the right to shoot your mouth off about "tight ships"
Any momo can lock down a network "so tight that users cannot install adobe w/o me". Big deal.

A real test is trying to stop local admins from damaging the domain, unintended as it may be.

I don't think the person you are criticizing intended to be condecending in any way. I think he was just making a valid point. If you do not have the rights you do not need the rights. If you do need the rights ask the Admins! Don't attempt to be a l33t haxor!

I find it amusing that you commented on how you "hate people with holier than thou attitudes". Your the only one here with that attitude, pal.

Everyone else has simply expressed thier opinions. Thats what these boards are for.
 

SwampsterFL

Member
Oct 30, 2001
171
0
0
The point about locking down the office in a medium sized company is valid, but not practical in the size companies I work with.

In this case, it was one of my clients who only use me on a repair/as needed basis and thus I have little or no control over keeping little things like virus software up to date. That was the problem, as the user installed several instant messanger and got a virus (Klez.H).

Once that was brought under control, it was then their desire that I bring all their systems up to date plus run a complete scan on all systems. Yes, part of the blame had to be accepted by management as they didn't see that their protection was up to date, but . . . they felt fairly safe in that they were only accessing fee based sites and they are usually not a great risk.

In other words, they were presuming that all their employees were loyal and trustworthy and not prone to violating known company policies.



 

iamwiz82

Lifer
Jan 10, 2001
30,772
13
81
Originally posted by: Saltin
Wow, you obviously dont run a very tight ship yourself. I work for a medium sized business and can say that no user could install anything that could damage the OS or PC itself. It is locked down tight enough that they cannot install adobe acrobat reader without me

Policy (in a proper organization) should never be set by IT. They should be consulted regarding opinions and thoughts, but the final say is invariably with management.
I've worked in places where everyone is locked down, and I've worked in places where they arent.

The place I admin now is a software house. The developers REQUIRE local admin rights to do thier job/testing. There are no two ways about that. Do I like it? NO! Do I live with it? Yes. Thankfully they arent "joe user". If your users are "joe user" then lock them down. That doesnt give you the right to shoot your mouth off about "tight ships"
Any momo can lock down a network "so tight that users cannot install adobe w/o me". Big deal.

A real test is trying to stop local admins from damaging the domain, unintended as it may be.

I don't think the person you are criticizing intended to be condecending in any way. I think he was just making a valid point. If you do not have the rights you do not need the rights. If you do need the rights ask the Admins! Don't attempt to be a l33t haxor!

I find it amusing that you commented on how you "hate people with holier than thou attitudes". Your the only one here with that attitude, pal.

Everyone else has simply expressed thier opinions. Thats what these boards are for.


Go back and read the first post, he asked how to do something, not if you found it morally or ethically correct. We answered on topic, and then it was brought off topic because someone didn't like the idea. How is it your place to tell others what YOUR COMPANY finds wrong? It isn't any of your business! Answer the question, don't use his bandwidth to spout your holier than thou beliefs.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: iamwiz82
Originally posted by: Saltin
Wow, you obviously dont run a very tight ship yourself. I work for a medium sized business and can say that no user could install anything that could damage the OS or PC itself. It is locked down tight enough that they cannot install adobe acrobat reader without me

Policy (in a proper organization) should never be set by IT. They should be consulted regarding opinions and thoughts, but the final say is invariably with management.
I've worked in places where everyone is locked down, and I've worked in places where they arent.

The place I admin now is a software house. The developers REQUIRE local admin rights to do thier job/testing. There are no two ways about that. Do I like it? NO! Do I live with it? Yes. Thankfully they arent "joe user". If your users are "joe user" then lock them down. That doesnt give you the right to shoot your mouth off about "tight ships"
Any momo can lock down a network "so tight that users cannot install adobe w/o me". Big deal.

A real test is trying to stop local admins from damaging the domain, unintended as it may be.

I don't think the person you are criticizing intended to be condecending in any way. I think he was just making a valid point. If you do not have the rights you do not need the rights. If you do need the rights ask the Admins! Don't attempt to be a l33t haxor!

I find it amusing that you commented on how you "hate people with holier than thou attitudes". Your the only one here with that attitude, pal.

Everyone else has simply expressed thier opinions. Thats what these boards are for.


Go back and read the first post, he asked how to do something, not if you found it morally or ethically correct. We answered on topic, and then it was brought off topic because someone didn't like the idea. How is it your place to tell others what YOUR COMPANY finds wrong? It isn't any of your business! Answer the question, don't use his bandwidth to spout your holier than thou beliefs.

If the original poster's company has no problems with it, he would have the rights to install whatever wiz-bang-gizmo he wanted to. The "holier than thou attitude" you think exists is actually an understanding. Its more of a "Ive been there and dealt with users like this before and I dont want any other joe admin to have to deal with the same problems or worse." Its a professional respect thing for me. Go ask the network gurus how to get around a firewall to download warez at work. See what they say about it. Look for Spidey07's thread on a *REALLY* tough networking problem (and if he and the others took as long as they did to solve it you know it was hard!). See what one of these users did to his day at work, and what happened because of it.

Work as an admin. Deal with the crap of *reinstalling* some of your systems because of some jackass elevating his privledges. Yes, reinstall. That user has cracked your system. You dont know what he did. A reinstall is necessary at that point. When you deal with it, you realize how much it sucks and how much you dont want your peers to have to go through it.
 

mobogasm

Golden Member
Oct 25, 1999
1,033
0
0
try "mmc /a" , i think there is a setting in there that you can override if you add a snapin for local users, no admin rights needed.
 

Saltin

Platinum Member
Jul 21, 2001
2,175
0
0
How is it your place to tell others what YOUR COMPANY finds wrong? It isn't any of your business! Answer the question, don't use his bandwidth to spout your holier than thou beliefs.

What my company thinks is completely irrelevant to this discussion. The point I am trying to make (and that you are obviously missing) is that in a properly administered network a user's rights are a function of the level of trust management places in said user. If they cannot install an application, it is because they are not allowed to.

In this case, the poster (or his friend) is unable to install an application. Let's go ahead and assume that's because they arent supposed to. I am not stating my own, or my company's opinion here. I am echoing the poster's company's opinion.

It has been stated time and time again on this board that users should not attempt to override corporate policy on thier desktop. That's not people trying to be totalitarian or holier than thou! That's people telling others to be careful and consider the consequences and reprecussions. Sombody's job could be at stake. He could cause problems and a lot of extra work for administration, (not to mention that it's just downright disrespectful to circumvent policy)

In the end, Spooner is going to do what he thinks is best. He posted asking for help, and he got a few opinions. Thats the way it goes sometimes. If anything, I see the people who tried to warn him as more helpful than those that tried (meagerly, I might add) to help him achieve his goal. Hopefully he has re-considered, but if he hasn't ...oh well.
 

Dark1

Member
Mar 7, 2002
118
0
0
Truthfully don't even try it. If it is a program like AIM that your going to use over the network, you can get in trouble if the network is monitored which I'm sure it is. Also your machine might also be montiored for failed access events and possible success events as well but I don't think that they would go to that extreme on a local machine. Just wait until you get home to have your fun.
 

lowtech1

Diamond Member
Mar 9, 2000
4,644
1
0
Bring your own music on your personal device. As a user you must obey the company restriction.

I can see the rule would be lax for you to install your own apps if the company gave you Power_user or Admin_user status. You can install your personal stuffs if you have the power, but could be still be scrutinize for misuse of company resources.

Under your current position, you can be fire & fine for breaking the company regulation, misuse company resource, and trespassing/hacking/unlawful conduct.

Most company today have some kind of implementation to protect themselves against outsider & disgruntle employee, therefore they are very likely to have a proxy server, firewall that monitor all of your traffics to see where it come from or ongoing.

Another thing is that program such as Aim requier port 5190 to be open on the firewall.

You have reached your holly grail: wheel the power at your own risk.

Lock Smith

NTaccess