Win2000 Admin rights

Printable View

October 14th, 2001, 02:22 AM
freeOn

Win2000 Admin rights

Ok my question is how to turn off the bloody admin rights on a windows 2000 network.

regedit=can't access
C:\prompt=can't access
find=not there
run=not there
control panel=not there
Internet Options=can't access

I can access the hardrive through internet explorer or by opening open office document then hitting cancel.This gives me access to WINNT and all the other goddies.

Well is there a manual way of turning off admin rights or I'm stuck and have to go snooping around.splat splat
October 14th, 2001, 04:04 AM
Cmd_Spook

I believe, although I could be wrong... all these are stored in the Registry

Hkey_Local Machine >software >microsoft >windows> current version > polices

But without access to regedit and the control panel this will be hard
October 14th, 2001, 04:30 AM
freeOn

I would have to find a back way to get to regedit, that's probably going to be the hard part.

Is there any programs that I can get if I can't do it manually.
October 14th, 2001, 04:46 AM
Cmd_Spook

I don't know about of any programs that will allow you access to the registry and bypass the restrictions so you can modify them. Yes there are programs that will let you view the registry but you need to modify it.... If you find one, please let me know.

How is the network setup there might be another way to get admin's rights?
October 14th, 2001, 06:45 PM
cmdrpiper

other programs that might help you

Hi there,

An easy way to limit your administrator is to use some of microsoft's own programs...

you can either use GPO (group policies) which are relatively good if you are working with a win2k server and/or workstations. The only thing is that you have to deploy it afterwards. this shouldn't be a big problem but you have to check if you are deploying to a share (link) or a container.

the other option is to use something like the IEAK from MS. it allows you to configure and restrict any access to key system files like the winnt or c:\drive. You have to be careful because you can lock yourself out and in order to come back to the original state, you have to go into the registry and unlock it manually (there's about 50 keys in nt4 and <80 in win2k). the IEAK creates a customized IE and shell to restrict users from accessing the stuff you want to hide.

the keys are created in the hkey_current_user and hkey_users (admin one S-xxx-xxx)

the fun part of using any is that you don't have to spend hours playing with the registry. but the danger is the fact that you can lock yourself out of your own machine. If you are good with the registry, trust me it's going to be a breaze for you.

hope this helps...

cmdr_piper
ps. you can also check the nsa win2k security/deployment guides and preconfigured inf/gpo if you want the easy way out but you have to be good in reading nsa "coding":)