Ok so I sort of provoked a security type war between myself and a couple of the other IT guys here in the office. I noticed that they left their default admin c$ share running and had the Remote Registry service running, so I set up their PCs to play a boopee doopee doopdeedoop clip from Banaphone every time they opened, closed, minimized or maximized apps on their PCs.
Of coure retaliation was swift! I've been able to hold them off so far by disabling the above, and removing the Domain Admin account from my PC, but the one area I'm worried about is the MMC plugin, where they can right click their My Computer icon, choose manage, then connect to my pc, where they could easily start or stop services.
Anyone know how to disable their access to this option?
I'll also take any advice on what else to lock down!
(I have domain admin rights, so no I'm not some user who is doing stuff I shouldn't. This is all in fun)
UPDATE:
So at the end of the night last night I was able to change their backgrounds by using the admin share and putting my own background image in their profiles, overwriting what ever they had set for their desktop image. It was great, I had struck another blow!
Then when I came in this morning my PC was off. An obvious ploy to get me to log in and run a login script. I disconnected from the network, logged in, reconnected and removed the nefarious script. They tried to blame it on a power outtage but of course I was not fooled as my test server at my desk was still up and running.
I then noticed they had moved my PC to a seperate container in AD. I countered my changing the name of my PC to something that would blend in with the other computers in our building, and they wouldn't be able to find it.
They then put my actual user account in a seperate container, and proceeded to group policy me into oblivion. No rights, no icons, no start menu, and a barbie wallpaper. I recovered by logging out and in as Admin and putting my user back where it was supposed to be.
At this point a truce was called, we had determined that eventually we'd be running on DOS boxes disconnected from the network just to get some work done. I had to finish up by writing a batch script to change their backgrounds again (since they had figured out to lock out the admin share) and did a bit of social engineering to get them to run it. They did and will come into work tomorrow with bright pink backgrounds that say Truce... For now...
Muahaha!
Of coure retaliation was swift! I've been able to hold them off so far by disabling the above, and removing the Domain Admin account from my PC, but the one area I'm worried about is the MMC plugin, where they can right click their My Computer icon, choose manage, then connect to my pc, where they could easily start or stop services.
Anyone know how to disable their access to this option?
I'll also take any advice on what else to lock down!
(I have domain admin rights, so no I'm not some user who is doing stuff I shouldn't. This is all in fun)
UPDATE:
So at the end of the night last night I was able to change their backgrounds by using the admin share and putting my own background image in their profiles, overwriting what ever they had set for their desktop image. It was great, I had struck another blow!
Then when I came in this morning my PC was off. An obvious ploy to get me to log in and run a login script. I disconnected from the network, logged in, reconnected and removed the nefarious script. They tried to blame it on a power outtage but of course I was not fooled as my test server at my desk was still up and running.
I then noticed they had moved my PC to a seperate container in AD. I countered my changing the name of my PC to something that would blend in with the other computers in our building, and they wouldn't be able to find it.
They then put my actual user account in a seperate container, and proceeded to group policy me into oblivion. No rights, no icons, no start menu, and a barbie wallpaper. I recovered by logging out and in as Admin and putting my user back where it was supposed to be.
At this point a truce was called, we had determined that eventually we'd be running on DOS boxes disconnected from the network just to get some work done. I had to finish up by writing a batch script to change their backgrounds again (since they had figured out to lock out the admin share) and did a bit of social engineering to get them to run it. They did and will come into work tomorrow with bright pink backgrounds that say Truce... For now...
Muahaha!
