Need help beating Domain Controller

Discussion in 'Chit Chat' started by P0rt, Jul 18, 2016.

  1. john123x

    john123x MDL Member

    #21 john123x, Jul 21, 2016
    Last edited: Jul 21, 2016
    if ur criticizing us then who is going to criticize you?

    dude, there is something called free speech especially online. i am sure ur a morally ethical person, but you pick a wrong person to side with. ur now actually siding with a jackass prick that thinks hes very good at IT just because his PC didnt get infected by virus over 3 years....

    i recommend you to learn to respect peoples, and peoples will respect you. I dont think you respect peoples here when you deem us as "moral police"
     
  2. MacAddict01

    MacAddict01 MDL Member

    This is all I did for the last company I worked for. Was simple and the IT Director never once mentioned it. Then again, I doubt he was concerned with how my computers were setup as long as legal software only resided on them ;)
     
  3. 1ManMafia

    1ManMafia MDL Novice

    #23 1ManMafia, Jul 21, 2016
    Last edited: Jul 21, 2016
    Find a bootable software that will unlock the local administrator account or create one.
    Log in with this "new" account.

    From there, control panel -> administrative tools -> computer management -> local users and groups -> groups -> administrators and add YOUR NETWORK account.

    Restart. And you are good to go. Don't tell him anything.

    Keep in mind this gives your network login only admin access to the local computer.

    If you want domain admin to be able to add remove computers off the network, create network accounts etc, an actual domain administrator must authorize you on the network.

    3 pages of useless crap.
     
  4. T-S

    T-S MDL Guru

    No Michela.


    Here is pretty simple, people are discussing about something where they have nothing to say.

    It's a trend nowadays.

    Try to ask a question like "how I can get back the GO button on my browser."

    Invariably there will be a moron that will reply something like "why not use the enter key on your keyboard?"

    It's obvious that if one asks about the GO button it's because he needs it, not because he never realized that the keyboard has the Enter key.

    Change the question and the useless reply will come, 100% guaranteed.

    That's what's happening in this thread, the DMCA has nothing to do with it.
     
  5. T-S

    T-S MDL Guru

    If the IT guy did well his job, the boot from an external device is disabled and the bios is password protected.
     
  6. P0rt

    P0rt MDL Novice

    well well...at least nobody calls me a thief anymore

    thanks a lot to whoever took time to either help me or make me feel like shiyte, thanks both ways

    Just so you know, the it manager installs pirated stuff on our machines, barely makes any update available (guess why), never bothers maintaining drivers...i hope you guys can sleep better now, but before you go havoc, there are no laws of such nature where i live.

    i did a lot of things already before hitting the forum, like opening a local account and member it to the admins, general precautions.

    i just read that the domain controller does not have any notification system, cause that's what i was fearing. leaving the domain environment, i thought it would somehow notify the controller, but it seems it's not so.
     
  7. roasty

    roasty MDL Novice

    There are a number of ways he could be alerted to this outside of a notification on the DC. Asset management and monitoring software, for example. Be careful about jumping to conclusions here. I truly do recommend going the VM route I spoke about before. It allows for two separate environments and keeps you and the company protected.
     
  8. roasty

    roasty MDL Novice

    You, apparently.

    Least of all online, actually. Protected free speech as a legal concept only prevents the US government (I'm assuming you're an American) from preventing free expression. MDL, Twitter, Facebook, etc. are under no obligation to provide a medium for said free speech. There are, in fact, rules here at MDL about what you're allowed to say.

    I make claims of neither a moral stance nor 'siding' with OP. I was simply answering the question the OP asked. If I could not answer his question, I would have ignored the thread.

    When literally the only thing you brought to the thread was the shaming of OP, how exactly would you describe yourself? OP obviously did not appreciate or want your input on something he didn't ask.
     
  9. Planner

    Planner MDL Novice

    ccbiggs, I could not agree more.

    I also have been on both sides of the fence and seen the lack of understanding of the reason for locking down access to software/network resources etc.

    I would suggest that the needs of the OP are documented and a case made for the 'official' changes to your account etc.
    Any attempt to 'work around' the problem will be found out eventually and you will have no solid ground to stand on.

    Getting the sack for what you are asking is not going to help you in the long run. I would suggest that you try to understand what the reasons are for the restrictions in the first place. I would bet it is not out of laziness !!!

    Just as the Developers have targets/objectives to meet so do the IT people, a little bit of 'living in someone else's shoes' is needed here.

    A thought, if a little bit of respect is given to the IT people you will get some back and this may help you fight for your 'needs' by getting some support from them.
     
  10. P0rt

    P0rt MDL Novice

    thanks for the replies guys, it felt a bit like reddit rapers, but a very helpful minority here did actually help me a lot to point me at the right direction.
     
  11. MacAddict01

    MacAddict01 MDL Member

    I could be wrong but AFAIK the DC does not automatically send notifications to the admin if a workstation leaves the domain. As mentioned previously, I'm sure third party software such as Spiceworks or something similar might be able to be configured to notify them of rogue devices and such.
     
  12. beamslider

    beamslider MDL Senior Member

    #32 beamslider, Jul 25, 2016
    Last edited: Jul 25, 2016


    I am at a loss to figure out how you think he will be able to install VMware and a VM......

    Seems he has stated that he is on a Domain and that AD does not allow him to have Admin rights to install software.....

    Not like he can just disconnect from the domain and install it.....His user account will still not have admin rights on the machine if he disconnects the network cable and logs in locally...

    Unless the IT people are real messy.....The guest network thing is not going to work either


    Not going to work
     
  13. MS_User

    MS_User MDL Guru

    mentally challenge maybe:rolleyes:
     
  14. dmex

    dmex MDL Junior Member

    You don't need to leave the domain or even logout to install software... This is how I install software when I don't have administrative access on domain networks.

    1. Enable the built-in administrator account and also reset the password (e.g. Using a boot disk such as DaRT for Windows XYZ or even the linux based Hiren's BootCD).
    2. Reboot back into Windows and log back into your restricted account.
    3. Hold the Shift key and right-click any executable in Explorer.
    4. Select "Run as a different user" on the context menu.
    5. Enter ".\Administrator" as the user so that it'll run the executable under the built-in administrator account.
    6. Profit.

    That trick only works with the local built-in administrator account since Admin Approval Mode is disabled for that account and it runs all applications with full administrative privilege - other accounts with administrative privileges still require Elevation to install software and don't execute properly using this method.

    Some domain networks are correctly configured to prevent that workaround but you can also force all software to install locally - without administrative privileges - using another trick to force all installers to run as the current user.

    1. Open Command prompt.
    2. Paste the following string (without the quotes): "set __COMPAT_LAYER=RunAsInvoker" and press enter.
    3. Hold the Shift key and right-click any executable in Explorer.
    4. Select "Copy as Path" then paste the string into Command prompt and press enter.
    5. Profit.

    There are other methods but they're not as easy, let me know how you go with either of these two.

    -dmex
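
Added example, not part of any post in this thread: several replies note that the DC itself raises no alert and that monitoring or asset-management software might. This sketch shows how such a tool could compare a workstation's local Administrators membership and built-in Administrator (RID 500) state against a baseline, and check whether Security events 4732 and 4722 account for any drift. The host data, account names, field names and event records are constructed for illustration.

```python
# Windows Security event IDs written when these changes happen on a running system.
EVT_ACCOUNT_ENABLED = 4722     # "A user account was enabled"
EVT_GROUP_MEMBER_ADDED = 4732  # "A member was added to a security-enabled local group"
BUILTIN_ADMIN_RID = 500        # well-known RID of the built-in Administrator


def audit_host(baseline, snapshot, events):
    """Return (finding, subject, evidence) tuples for drift from the baseline.

    evidence is "logged" when a matching Security event exists and "no-event"
    when the state changed without one.
    """
    findings = []
    logged_adds = {
        e.get("member", "").lower() for e in events
        if e.get("id") == EVT_GROUP_MEMBER_ADDED and e.get("group") == "Administrators"
    }
    expected = {m.lower() for m in baseline["administrators"]}
    current = {m.lower() for m in snapshot["administrators"]}
    for member in sorted(current - expected):
        evidence = "logged" if member in logged_adds else "no-event"
        findings.append(("unexpected-admin", member, evidence))

    if snapshot["builtin_admin_enabled"] and not baseline["builtin_admin_enabled"]:
        logged = any(
            e.get("id") == EVT_ACCOUNT_ENABLED and e.get("target_rid") == BUILTIN_ADMIN_RID
            for e in events
        )
        findings.append(("builtin-admin-enabled", "rid-500", "logged" if logged else "no-event"))
    return findings


# Constructed sample data (hypothetical host WS042 in a hypothetical CORP domain).
BASELINE = {"administrators": ["CORP\\Domain Admins", "WS042\\Administrator"],
            "builtin_admin_enabled": False}
LIVE_CHANGE = {"administrators": BASELINE["administrators"] + ["CORP\\jdoe"],
               "builtin_admin_enabled": False}
LIVE_EVENTS = [{"id": 4732, "group": "Administrators", "member": "CORP\\jdoe"}]
OFFLINE_CHANGE = {"administrators": list(BASELINE["administrators"]),
                  "builtin_admin_enabled": True}

if __name__ == "__main__":
    print(audit_host(BASELINE, LIVE_CHANGE, LIVE_EVENTS))
    print(audit_host(BASELINE, OFFLINE_CHANGE, []))
```

A finding tagged `no-event` means the state changed without the running system recording it, as happens when the change is made while Windows is not running or after the log has been cleared.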
     
  15. john123x

    john123x MDL Member

    U know, i am a nice IT guy that make domain users to be admin of their local pc so they can do whatsoever thing they want.


    But for few person, which have very problematic habit, i need to image restore to every 3 months