Windows NT security "work arounds".

[Topochicho]

Wow... are you all righteous pricks normally :| , or did your apparent inability to answer his question bring this out.

Maybe he is a toad that F@#%#%ks up his machine and the network around him, or just maybe he has to deal with a bunch of IT personnel such as yourselves who can't handle a simple request without pissing yourselves and then blaming it on him. :disgust:

Mutilator excellent answer, you are a scholar and a gentleman (or gentlewoman as it may be).

turf sorry I have no new info for you, I would check into Mutilator's answer though. You are lot less likely to get into trouble if you get granted privileges instead of hacking them.

 

[office boy]

<<Oh wait, my real plan is to Reverse Engineer the entire security structure of the network, so I can hack our server's subsystem and allocate all of it's resources to my own machine so I can then Host a dedicated server running Half Life (pirated of course)on our ATM for 50+ players, and have everyone on the LAN hooked in too. yada yada yada..... >>
Your admin really has no idea what you could be doing, and it is his job to keep you and the company safe.
We have to cover our asses too... If you got some porn or something on there, your admin has his ass on the line too.

 

[tim0thy]

imho, i agree there are some admins in this world of IT that don't know their ass from their elbow. i know, i'm in this field. there are also users that know some things in more details than some admins. generally, i will give the admin password to select users that i feel taht i can trust and they really do know what they are doing. it's a gut feeling for me.

 

[BoberFett]

turf

You came here to ask how to hack NT to get around security. If I caught you doing that on my network (with what little security there is) I'd get you fired before you knew what was happening. If they wanted people to hack through security, they wouldn't hire IT staff and install NT to begin with, now would they?

If lack of IT assitance is preventing you from doing your job, then take it up with your boss and he can bring it to the appropriate person. At that point the ball is in their court, and if they don't set you up properly, it's their asses and not yours.

 

[turf]

BobberFett. You have been one of the people who has had good answers for me in the past. The title of the thread is a little misleading. Bear in mind I've never worked with NT before. When I asked for a &quot;work around&quot; a password to allow me admin on my own machine is in fact that &quot;work around&quot;. I'm not a hacker, and probabaly couldn't figure it out if some one DID actually try to explain it to me. all I wanted to know is of it was something I was missing or doing wrong during the installiation of &quot;work related&quot; programs, that's all I came here to find out. Instead I get my @ss flamed off for asking about it by all of these self absorbed, Holier than thou, people who could even be members of the help desk I would be calling in my own place of work.

Man I am really disappointed in the replies I have received, aside from a select few, you know who you are, and the light this thread has been cast in.

Even though I didn't learn much about NT, I can say that I have learned something about most sys ad's from this thread..

hmmmmmm....

 

[office boy]

The only way for you to get the privleges that you want, is to ask your administrator for them.

 

[The Stigenator]

Ask your admin for it nicely and he will give you access. Most admin's are nice. However there are B*tches that basically ask me for admin (I am the youngest in the company and if I say no they crib about it). I give it to them and then the fsck it up and I have to answer to the boss on why so and so's machine isnt working and why is it taking so long.

Wanna be admin's... alteast know what you are doing before doing it.

 

[turf]

Like I've kept saying, I'm not even interested in full admin privileges at my comp. I simply would like to be able to install the programs I need. For the benefit of the admin's out there, I can see exactly where you are coming from. I'll ask, hopefully I'll get local workstation privileges. I'm not familiar with the in's and out's of Windows NT. Just wanted to know what I needed to do to be able to install programs I need. Now, I have my answer. Thank you all for that. Could have done without the roast though....

Time to go frag and take out some of this frustration on some newbie.

 

[office boy]

I'm sure most admins here will agree. That although being an admin is a fun job that I enjoy a lot. It is thankless and endless work, where almost everyone hates you because you won't let then do anything, and yet you are responsible for EVERYTHING that goes wrong (even if it has nothing to do with you).
Thank goodness I work for a small company. (15 computers)


Oh and just ask for power user, that should give you most everything you need, and keep the admin feeling pretty safe. (That is if you can't get local admin out of him(/her))

 

[Gepost]

I just found out that about five people from one section of my organization installed a program on their desktop computers. The program was about 600mb and they installed it in their DESKTOP folder, so that when they exited, their roaming profile saved it to the network server. Added almost 3gig to the server until I deleted it. One person even copied it to another workstation, meaning his actions took up three x 600mb of space.

 

[The Stigenator]

ohh.. that must suck.. I have a roming profile here. but I had to diable some people.. they were doing exactly as said. But now they go to another computer they still can access their data just not stuff on their desktop's.

 

[Shockwave]

I've never seen so much bullsh!t in one post. I agree with alot of different people here though. If you'd a tried hacking my network like that, I woulda got you fired before you could say &quot;But I just wanted.....&quot;

To the admins: SOME of you know what your doing and do it on time. Those are the god sends to companies, they are the ones who keep things working, who neevr get rewards or appreciated for what they are doing, but still do a tremendous job. To those of you, my congratulations. MOST of you dont know your ass from your elbows, dont do anything on time, would rather sit on your &quot;I have adeskjob and it shows&quot; ass and let users complain.
Dont agrue with me, I know. I used to be a network specialist. Like I said, SOME do there jobs well. Most dont. Before you critize someone for asking a question, stop and think what makes HIM ask that question. If your one whos complaining, its probably admins JUST LIKE YOU.

To the users: This isnt your home pc. This isnt a pc you paid for and brought to work. Do your job, then go home and delete the kernel file ( I had a user do this...My lord....) or whatever you want. However, you should be able to get SOME stuff on, sitting staring at a monitor typing all day is alot harder then most will think it is. Trust me, the admins DONT do it. Thats why they dont see a need for you to have anything fun or entertaining to take a break with. As for a work around for NT, well, just by asking that shows that you dont need it. Not to sound rude, but hacking NT is NOT beginner material here. Is there a work around. Yes. Is it easy. By no means. You could brute force hack it maybe. Or if your VERY inventive, use Partition Magic to put a &quot;personal&quot; side to your computer. But if the admin did find out, oh boy would he / we / I be pissed off. The best thing is to find a admin, or net specialist who works there that would give you what you need. Most people arent assholes so they understand and will overlook a few things, just dont get carried away! If that doesnt work, then by all means, tell your boss about the problem. If that doesnt get the slow admins to do some work, go talk to your bosses boss, and keep going until you get results.

To all: Thats the problem with this industry. Admins who get mad at users who dont know what there doing, and users who get mad at admins who dont do anything. The best thing to do is have coimmunication! Thats why we have networks to begin with. Admins, is winamp REALLY going to kill the machine? No, not if YOU get out there, install it, and show the user the basic commands. I know sititn on your arse is fun, but if you do your job, you will have less jobs to do. And if the users get one or two things, they WILL be much happier for it, and instead of thinkin all us admins are horrid people, maybe we can find a way to co-exist.

 

[miken]

If you need those programs each day, and can't go without them, then you don't have to worry, just blame the admin if they haven't been installed. Tell the truth, you have it already. You just want to play is all. You want to use Winamp to download music and suck bandwidth from your companies internet connection. You want to download Netscape because you don't want to use IE. If the company has to have you using a program, you will have it, otherwise the company is at fault, and you can just sit back and wait for it.

Don't tell me you do more work than me, you have no idea how much Sys Admins work each day. The reasons you have to wait is either because of the tight IT market, or a manager keeping the admin to busy with deadlines. More than likely that guy is so frustrated and frazzled that he can't sleep at night.

Tell me, what programs do you want to install? Gimme a list.. I can honestly tell you why some are horrible.

 

[ArkAoss]

hey we oughta quit flaming this guy, would you peeps read the whole thread, hey turf, i hope you can get in the stuff you need, and if you see some one stupider than you tryin to install stuff, save the admin time and give em a hand so it gets done corectly, then the admin will be likely to give you a little more power

 

[BreakApart]

Ok, i will do my best not to flame either side of this debate. Here is the operating procedure i have on MY network...

If you &quot;need&quot; a program, request it installed, along with an letter explaining why.(the reason for the letter is for the BOSS! If the system crashes because of your program, then neither you or i will get fired if he approved it for install) Unless of course this is a program i have confidence it will not pose any problems, in this case talking to me will get it installed. We also have programs we refuse to install, approved by the boss...

Granting rights on your system, opens security issues: Such as a co-worker using your &quot;special&quot; privledge machine to &quot;play&quot; with the network. It happens, you have to know that..?

I have little doubt you would destroy the network, heck you asked for the access rights, you would be the first person we questioned, if any hacking occured.

Any person on my network with &quot;special&quot; access rights is required to change passwords MUCH MUCH more often than everyone else, using &quot;rules&quot; we have setup.

Perhaps your admin HAS thought about giving you access rights, and the BOSS said no... Could be the case..?

I see both sides to this thread, and i must say personally &quot;Office boy&quot; is dead right on 98% of the things he has said. The other 2% is when he got grumpy... rofl

 

[thorin]

miken
&quot;Do you know how much WinAmp slows your machine down?&quot;

Yup, do you? On a P2 350 and Quantum drives the CPU load was only 9% MAX (normally 5% to 7%). On my c366@550 it's 6% MAX (normally 4% or 5%). And in both cases thats with Highest Priority class set for both WinAmp itself and the decoder plugin (check the prefs you'll see what I mean).

Thorin

 

[thorin]

You should have your admins setup a second partition for you that you can install your programs on. That way your stuff is kept seperate (well more seperate...not totally) from their base system install/config. This would also make life easier for them if they ever have to restore/reclone your system.

Thorin

 

[office boy]

Hahaha BreakApart.. I was grumpy yesterday...
(belive it or not, more trouble with people not knowing how Outlooks works, and one guy complaining that he couldn't get napster working )

 

[miken]

Thorin, sure 9%, and how much Internet bandwidth is he taking up by downloading song after song? eh? How much is he slowing down the company eh?

9% doesn't seem like much, but add in an AV program and such, and what do you have? Consider if the computer is more than one year old, and the registry is bloated! Boom! &quot;D@mn, I don't know why my computer is this slow, must just be Windows!&quot;

Bottom line is this, if the company wants you to play with their computers, fine. If the company doesn't then respect the people that PAY you week after week, and DON'T MODIFY THEIR PROPERTY.

 

[Lord Evermore]

Our local admin knows how horrible the image is that's installed by corporate. If we ask, he'll give us the local admin password (or at least the supervisors and leads have it), and then we can give ourselves admin rights on the local machine. We still don't have any more than normal user rights on our domain though, so we can't do anything special on the network, but it does give us the ability to install things that we need that corporate doesn't think we need. Our manager finds this to be much easier than convincing corporate to make a useful image. In fact we're trying to find a way that we can make our own customized image for these machines which will allow us to have all the right programs right off the bat.

Along with this, we're allowed to do more than just sit and stare at a computer screen mindlessly. There are hours of time in each day where we're sitting on hold for a telco and can't do anything work related because we start getting tickets mixed up, or where we're waiting for someone to do something and can't get involved with any other tickets because we're expecting a callback or something. During those times we surf websites or talk to people on AIM.

AIM is in fact a requirement in our department now, because our manager and supervisors can use it to communicate with us and we can talk to each other without yelling down the rows. In order to install it, we have to do a mini-hack by copying system files to the directories that AIM is looking for them in.

IE5.5 - It's always good to have the latest versions of most programs. Our manager is also a big Microsoft proponent. In fact he and all our supervisors have wiped the NT image that comes on their laptops and installed Win2K even though our LAN staff doesn't support it.

Exceed - provides shell access to the UNIX servers from our NT desktops. Full local admin rights (maybe even power user) required to install it.


Note that our LAN staff never thought to provide roaming profiles, so anytime we go to work on a different machine, we have to figure out whether any of the things we need are on it. (These machines are very flaky and have hard drives that fail regularly [yes, they start rattling, not just have stupid stuff installed that hoses the OS] so sometimes we end up having to get replacement machines. Every time that happens we have to take the time to rebuild our systems.

Most of the people in our department are very technical of course, and those that aren't don't try to install all kinds of garbage. In any case, we're well aware that if we hose it, all that will happen is the LAN guy will come by when he can and reimage it (or swap it with a spare that is already imaged). Anything that's installed will get wiped. Hopefully soon we'll get the ability to use our own image.

Oh yeah, our admin also told us that these machines have pretty huge hard drives, but they're only set up with 8 gig partitions, so he said feel free to partition yourself more drives if you want.

 

[office boy]

<< It's always good to have the latest versions of most programs >>


I guess that?s one area where we differ... I like to stay one behind, unless there is a problem and we NEED the upgrade.
(ex. no one here uses IE5.5 (at least the better not be :frown

I guess I just like to let guys like you find all the problems.

 

[cavingjan]

Vent Alert:
I just had a user crash his system. For the second time in a month. The easiest thing for me is to just ghost a working drive back on a hard drive and install it and take his old drive and mess with it later. Although he never trades stocks (but he has two) he insists that he must have his MyTrack software running all the time. I'll grant our users a cd playing program, AIM (even some groups in the feds have started using it. AOL is slowly taking over the world) for both chat and checking email (smaller footprint than an Outlook2K), and winzip but I get tired of everybody trying to install other things. I wish I could move us away from win98. Napster has screwed up three computers in the past two weeks and I'm getting sick of it. I spend more time debugging other people's eroneous program installs than doing my job. I even had one user who can't move to another computer without somehow knocking himself off the network. He complained to me. I went down and logged off the current user (granted this is still win98) and I could find every network share he needed and then some.
But I think I'm preaching to the choir but I needed to vent.
Thanks for listening. If you were smart, you'd have stopped at the warning.
BTW His MyTrack did not completely survive the last transfer and he has been unable to install it correctly. I just wish I knew what I did (right).

 

[turf]

Miken obviously hasn't taken time to read a single post I've put up. He obvoiusly missed the part where I stated winamp was a bad example. He obviously missed the part about needing Netscape Composer for editing webpages, along with the part about needing to share files between workstations. You still don't get it do you. Sorry, but I use my home machine for saving media files, (other that the ones I receive in my e-mail, those get deleted.). And why wouldn't I,.. It only has about 4x the performance and 15x the storage of my workstation. Sorry, but I can't see benefiting from trying to use my workstation for those reasons. However I can see being able to have privileges to install what I need to do my D@MN job, as you like to put it.

And as far as bandwidth is concerned, we run on ATM. Don't really think that's much of a problem here. I couldn't hog up our bandwith if I was trying to download the whole d@mn Library of Congress. Jeez, you must really be beside yourself to assume you know My motives. All you want to do is sit there and flame people for trying to find some answers. Do you not have anything better to do. I mean Really....

 

[thorin]

&quot;Thorin, sure 9%, and how much Internet bandwidth is he taking up by downloading song after song? eh? How much is he slowing down the company eh?&quot;

Well in general 128kbit/sec. If he's downloading or streaming, but considering he probably has a collection at home he could burn a cd or two and bring his own in. And on a well configured 100BaseT network he would hardly slow anyone down at all.

&quot;9% doesn't seem like much, but add in an AV program and such, and what do you have?&quot;

On a P2 350? You have a company that doesn't upgrade enough. Any company that does serious AV editing/compilation on a P2 350 where a Max drain of 9% would matter, has bigger issues then their employees installing/using winamp.

&quot;Bottom line is this, if the company wants you to play with their computers, fine. If the company doesn't then respect the people that PAY you week after week, and DON'T MODIFY THEIR PROPERTY. &quot;

Yes I agree. He should ask for Local admin access and if they don't want to give it &quot;oh well&quot;.

Thorin

 

[ERJ]

Heh, this argument will go on forever. Ever since computers needed administration IT and the users have been in a constant battle with each other. Although it is getting better where I work it used to be a near bloodbath at times.

Both sides have good arguments. The ideal Administrator environment would be where every machine had all software installed on it. All the admin would have to do is allow / not allow the user to use it. The user would only be able to use the software and nothing more. All user work is saved on the network where it can be easily accessed for backup.

The user wants the power to do anything on their machines. If they have to wait for someone else to install software then they are being less productive and they have to explain to their bosses why something is not done.

The key is to find the compromise. It is hard to do. At my workplace users are given admin rights to their machines but are told to save all work to the network (else IT is not responsible for data loss) and if they screw up their machines by installing outside software they will be helped but it might be a while, a long while. This tends to work pretty well for most users but there are the odd users that just won't learn. Oh well...

Alright, I probably should not do this but....

turf, DO NOT use this as an excuse to do something on your PC that you shouldn't. If anything ask for your admin to grant you admin privilages to your machine. Breaking into your PC could result in you getting fired which is certainly not worth it. This said, there is a commercial product called ERD Commander Pro which allows you to reset the local admin password among other things. This is only for informational purposes as it can be a very useful program for screwed up machines.

office boy, you asked earlier about allocating bandwidth. I am sure there are plenty of solutions out there for this but one that I use at home (college roomates can easily hog the 15 k/s upload cable modem limit) is cbq which is a linux program which is included with many distributions. It allows for allocation of bandwidth per IP per port. If you are running a linux masq gateway or router then you might give this a try. It is pretty easy to set up and works well. The wonderful thing about cbq is that it is free .

Good luck,

ERJ