Hi guys, i would like to make the long story short, and give you a summary. I work on a company mainly of techy geeky people who do a lot of technological work, basically enterprise grade outsourcing, but i dont want to get too much in to details. Most of us a really advanced in computer usage and mainly concentrate on programming and networking. However, we have an idiot as an IT guy, a single guy dealing with 300 people. YES, and he is lucky having 300 quazi IT coworkers as his clients...he is very lazy, to a point that he'll give one a week or two to install relevant software, and then will take the privileges off. I dont have much experience with Windows Domains, but i used to work as a help desk for a company too. I understand if any of you thinks that the poor guy may be dealing with 300 noobs, NO, seriously, every each one is a very qualified person possessing more then average technological skills, with half of the team very comfortable in linux too. Never in my 3 year in this company did we have a virus case, FROM THE ENGINEERS, where as the HR which is full of dumb people report every 2-3 days having popups around, you see the difference? My question is, with temporary administrative privileges, how do i survive here? I really want a permanent solution to avoid having to deal with this idiot once and for all. I have a Win 10 Pro set up, and according to a friend of mine, with a very loose domain tie (whatever that means). I'd wipe the whole thing if i could cause im using an MBR setup on a very UEFI capable system (telling, he's an idiot), but the system is bios locked too. bloody hell, sorry for the rage guys
that's a risk im willing to take i just read that pressing "leave organization" while im on local domain network will work, as i already have the privileges, is that correct? Will that notify the controller and expose me somehow?
no, i wouldnt give a damn to admit that...besides, even on stolen stuff, i wouldn't put my hands on enterprise hardware.
paranoia and moral aside, the "company" depends on quite a few lads like me. Nobody has time to deal with the guy, and he has spare time most of the time. trust me mate, i know lazy, i work my arse off, all i need is a solution, not judging .
Basically you do what you want with your home system, and the company does what it wants with its system. End of story. You just need to let it go.
I can think of advantages to running an MBR system, such as TrueCrypt and Veracrypt system encryption support. What features are you sorely missing not running UEFI? You could gain admin access over your computer by joining it to another domain that you control. You'd have to bring in a VM with a domain server on a laptop, and connect to it instead of your network. Once you're on that new domain, you can create a local account that you're an admin of and remove the computer from that domain and join a workgroup. You won't be able to rejoin your corporate network though. If you need any resources from that network, you'd be hosed. Also, if he's not as lazy as you think, he'll notice there's a workgroup now on the network with your computer in it. All of this would get you fired, but it won't land you in jail the way stealing the admin domain credentials might.
u want to have full control....if u leave the enterprise u will no longer be able to access the shares or apps inside the domain......and sense u dont know how the policy is set, if u dis-join from the enterprise u mite not be able to log back in.....yes u will have full control as a stand alone machine but isolated from the network.....dont know what to tell u....my advice dont risk your job unless u have another one to fall back on....good luck.
It depends on how your network is set up, but you would likely expose yourself to a bit of trouble and cause you more issues than it would solve. With temporary admin privileges or even off-line disk access you could set up another local admin account, or create a service running something like ncat to give you a system shell...
he should post hes question in server forum....maybe some of the guys their that play and understand servers well can give him a better answer.
So, what do u want actually? I as an it guy also dont understand. You want your account an administrator on your workstation? Or u want to have the domain administrator password? Or u want to know bios password so u can reformat? Edit: i read again and i figure bout what you really want. You want your account to be an administrator so that you can install whatever software you want anytime...
Yeah we also sometimes met with the same kind of admin response in one of my previous jobs. However I might suggest a different approach. We used to need certain software and access to do our job too. So we simply submitted the request to the lazy admin and simply waited till complaints and loss of revenue occurred because we couldn't get the job done. At such a moment the management usually steps in and gives the admin a kick up the behind. After that no more problems. I'd rather be more pro-active and constructive about it but sometimes there is simply no other way to get a point across.
While you have admin privilegies you could create a local admin account on your PC. Next time any UAC appears just use user: .\yourlocalocaladmin pass: yourpass This could work, this simple.
P0rt , Thanks for the comical relief. My advice for you would be to either let it go, or somehow take it up to management to get yourself vetted as an IT Superuser after you have documented (as @pvden777 suggests) and proven your IT is as lazy as you say. Your excuses (please review below) are laughable, any good IT Manager would not let you near their systems. >>>Beginning of your quotes>>> “However, we have an idiot as an IT guy, a single guy dealing with 300 people. YES, and he is lucky having 300 quazi IT coworkers as his clients...he is very lazy, to a point that he'll give one a week or two to install relevant software, and then will take the privileges off.” “I don’t have much experience with Windows Domains, but i used to work as a help desk for a company too.” “NO, seriously, every each one is a very qualified person possessing more then average technological skills, with half of the team very comfortable in linux too” “the "company" depends on quite a few lads like me. Nobody has time to deal with the guy” >>>>End of your quotes>>> I have been on both sides of the fence. I spent the first part of my IT career as a developer. “I” was smarter then the IT people, The organization depends on “Me” rather than the IT people. How dare they not let ME install what I want, yada, yada, yada. Then as my career progressed I wound being an IT Manager — I managed IT systems and development center. I found out my biggest headaches and the most damaging people to my network where the ones who made that same remarks as you did. The NOOBs as you say where no problem at all, the just needed to be helped along. So P0rt - I am not trying to make fun of you but you need to listen to some of these folks here and let this be a learning moment for you. None of them are going to help you violate the user agreement YOU signed saying you won’t gain illegal access to your computer system.
So many moral police in here. Listen up white knights: he didn't ask your opinion on IF he should do anything. He asked HOW. If you have no input on HOW, then you shouldn't be participating in the thread in the first place. That said - if you have temporary admin access to your machine, I'd take that time to install a VM hypervisor (like VMWare Workstation/Player) and then install your own copy of Windows (on encrypted VM disk) in a VM. You then have the best of both worlds. If you have a "guest" wifi network at work, you can even directly attach a USB wifi dongle to your VM and then attach your VM to the guest network. Everything on the VM stays private. Everything on the laptop stays work-related.
@roasty: Have you read the MDL rules? They're pretty strict about anything that might get MDL another DMCA takedown. (It's happened before) So people here are just following the rules for the sake of keeping MDL running. With that said... This is really awesome. I hope it works for the OP. (@roasty: Welcome to MDL)
How is OP's question related to the Digital Millennium Copyright Act? He's not talking about copying software. He's asking a functionality question with respect to Win10. Thanks - But my account is almost 9 years old! Mostly just a consumer though....