Need help beating Domain Controller

Discussion in 'Chit Chat' started by P0rt, Jul 18, 2016.

  1. P0rt

    P0rt MDL Novice

    Oct 23, 2011
    24
    1
    0
    Hi guys,

    i would like to make the long story short, and give you a summary.

    I work on a company mainly of techy geeky people who do a lot of technological work, basically enterprise grade outsourcing, but i dont want to get too much in to details.

    Most of us a really advanced in computer usage and mainly concentrate on programming and networking.

    However, we have an idiot as an IT guy, a single guy dealing with 300 people. YES, and he is lucky having 300 quazi IT coworkers as his clients...he is very lazy, to a point that he'll give one a week or two to install relevant software, and then will take the privileges off.

    I dont have much experience with Windows Domains, but i used to work as a help desk for a company too. I understand if any of you thinks that the poor guy may be dealing with 300 noobs, NO, seriously, every each one is a very qualified person possessing more then average technological skills, with half of the team very comfortable in linux too. Never in my 3 year in this company did we have a virus case, FROM THE ENGINEERS, where as the HR which is full of dumb people report every 2-3 days having popups around, you see the difference?

    My question is, with temporary administrative privileges, how do i survive here? I really want a permanent solution to avoid having to deal with this idiot once and for all.

    I have a Win 10 Pro set up, and according to a friend of mine, with a very loose domain tie (whatever that means). I'd wipe the whole thing if i could cause im using an MBR setup on a very UEFI capable system (telling, he's an idiot), but the system is bios locked too.

    bloody hell, sorry for the rage guys :p
     
  2. xscess

    xscess MDL Senior Member

    Jul 27, 2009
    304
    344
    10
    Well, you could lose your job... better talk to the manager or a coworker.
     
  3. P0rt

    P0rt MDL Novice

    Oct 23, 2011
    24
    1
    0
    that's a risk im willing to take

    i just read that pressing "leave organization" while im on local domain network will work, as i already have the privileges, is that correct? Will that notify the controller and expose me somehow?
     
  4. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    16,858
    21,196
    340
    Maybe the story is way shorter: stolen laptop? ;):D
     
  5. P0rt

    P0rt MDL Novice

    Oct 23, 2011
    24
    1
    0
    no, i wouldnt give a damn to admit that...besides, even on stolen stuff, i wouldn't put my hands on enterprise hardware.
     
  6. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,772
    453
    90

    your willing to lose your job over this? and your calling your IT guy a lazy fool. WOW!!!!!
     
  7. P0rt

    P0rt MDL Novice

    Oct 23, 2011
    24
    1
    0
    paranoia and moral aside, the "company" depends on quite a few lads like me. Nobody has time to deal with the guy, and he has spare time most of the time. trust me mate, i know lazy, i work my arse off, all i need is a solution, not judging :).
     
  8. dhjohns

    dhjohns MDL Guru

    Sep 5, 2013
    3,276
    1,731
    120
    Basically you do what you want with your home system, and the company does what it wants with its system. End of story. You just need to let it go.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. DasKreestof

    DasKreestof MDL Novice

    May 24, 2016
    1
    0
    0
    I can think of advantages to running an MBR system, such as TrueCrypt and Veracrypt system encryption support. What features are you sorely missing not running UEFI?
    You could gain admin access over your computer by joining it to another domain that you control. You'd have to bring in a VM with a domain server on a laptop, and connect to it instead of your network. Once you're on that new domain, you can create a local account that you're an admin of and remove the computer from that domain and join a workgroup.
    You won't be able to rejoin your corporate network though. If you need any resources from that network, you'd be hosed.
    Also, if he's not as lazy as you think, he'll notice there's a workgroup now on the network with your computer in it.
    All of this would get you fired, but it won't land you in jail the way stealing the admin domain credentials might.
     
  10. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,772
    453
    90
    u want to have full control....if u leave the enterprise u will no longer be able to access the shares or apps inside the domain......and sense u dont know how the policy is set, if u dis-join from the enterprise u mite not be able to log back in.....yes u will have full control as a stand alone machine but isolated from the network.....dont know what to tell u....my advice dont risk your job unless u have another one to fall back on....good luck.
     
  11. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,544
    60
    It depends on how your network is set up, but you would likely expose yourself to a bit of trouble and cause you more issues than it would solve.

    With temporary admin privileges or even off-line disk access you could set up another local admin account, or create a service running something like ncat to give you a system shell...
     
  12. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,772
    453
    90
    he should post hes question in server forum....maybe some of the guys their that play and understand servers well can give him a better answer.
     
  13. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,544
    60
    I doubt anyone is going to give out detailed instructions on how to "own" a machine.
     
  14. john123x

    john123x MDL Member

    Jun 5, 2011
    109
    83
    10
    #14 john123x, Jul 19, 2016
    Last edited: Jul 19, 2016
    So, what do u want actually?

    I as an it guy also dont understand.

    You want your account an administrator on your workstation? Or u want to have the domain administrator password? Or u want to know bios password so u can reformat?


    Edit: i read again and i figure bout what you really want. You want your account to be an administrator so that you can install whatever software you want anytime...
     
  15. pvdven777

    pvdven777 MDL Member

    Jul 4, 2010
    115
    29
    10
    Yeah we also sometimes met with the same kind of admin response in one of my previous jobs.

    However I might suggest a different approach.

    We used to need certain software and access to do our job too. So we simply submitted the request to the lazy admin and simply waited till complaints and loss of revenue occurred because we couldn't get the job done. At such a moment the management usually steps in and gives the admin a kick up the behind.

    After that no more problems.
    I'd rather be more pro-active and constructive about it but sometimes there is simply no other way to get a point across.
     
  16. aristofeles

    aristofeles MDL Novice

    May 26, 2008
    8
    1
    0
    While you have admin privilegies you could create a local admin account on your PC.
    Next time any UAC appears just use
    user: .\yourlocalocaladmin
    pass: yourpass

    This could work, this simple.
     
  17. ccbiggs

    ccbiggs MDL Novice

    Jan 24, 2010
    11
    6
    0
    P0rt ,

    Thanks for the comical relief. My advice for you would be to either let it go, or somehow take it up to management to get yourself vetted as an IT Superuser after you have documented (as @pvden777 suggests) and proven your IT is as lazy as you say.

    Your excuses (please review below) are laughable, any good IT Manager would not let you near their systems.

    >>>Beginning of your quotes>>>

    “However, we have an idiot as an IT guy, a single guy dealing with 300 people. YES, and he is lucky having 300 quazi IT coworkers as his clients...he is very lazy, to a point that he'll give one a week or two to install relevant software, and then will take the privileges off.”

    “I don’t have much experience with Windows Domains, but i used to work as a help desk for a company too.”

    “NO, seriously, every each one is a very qualified person possessing more then average technological skills, with half of the team very comfortable in linux too”

    “the "company" depends on quite a few lads like me. Nobody has time to deal with the guy”

    >>>>End of your quotes>>>

    I have been on both sides of the fence. I spent the first part of my IT career as a developer. “I” was smarter then the IT people, The organization depends on “Me” rather than the IT people. How dare they not let ME install what I want, yada, yada, yada.

    Then as my career progressed I wound being an IT Manager — I managed IT systems and development center. I found out my biggest headaches and the most damaging people to my network where the ones who made that same remarks as you did. The NOOBs as you say where no problem at all, the just needed to be helped along.

    So P0rt - I am not trying to make fun of you but you need to listen to some of these folks here and let this be a learning moment for you. None of them are going to help you violate the user agreement YOU signed saying you won’t gain illegal access to your computer system.
     
  18. roasty

    roasty MDL Novice

    Dec 1, 2007
    35
    6
    0
    So many moral police in here. Listen up white knights: he didn't ask your opinion on IF he should do anything. He asked HOW. If you have no input on HOW, then you shouldn't be participating in the thread in the first place.

    That said - if you have temporary admin access to your machine, I'd take that time to install a VM hypervisor (like VMWare Workstation/Player) and then install your own copy of Windows (on encrypted VM disk) in a VM. You then have the best of both worlds. If you have a "guest" wifi network at work, you can even directly attach a USB wifi dongle to your VM and then attach your VM to the guest network. Everything on the VM stays private. Everything on the laptop stays work-related.
     
  19. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    3,649
    3,950
    120
    @roasty: Have you read the MDL rules? They're pretty strict about anything that might get MDL another DMCA takedown. (It's happened before)

    So people here are just following the rules for the sake of keeping MDL running. :)

    With that said...

    This is really awesome. I hope it works for the OP. :thumbsup:

    (@roasty: Welcome to MDL)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  20. roasty

    roasty MDL Novice

    Dec 1, 2007
    35
    6
    0
    How is OP's question related to the Digital Millennium Copyright Act? He's not talking about copying software. He's asking a functionality question with respect to Win10.

    Thanks - But my account is almost 9 years old! :D Mostly just a consumer though....