Results 1 to 5 of 5

Thread: Win2000 Admin rights

  1. #1

    Question Win2000 Admin rights

    Ok my question is how to turn off the bloody admin rights on a windows 2000 network.

    regedit=can't access
    C:\prompt=can't access
    find=not there
    run=not there
    control panel=not there
    Internet Options=can't access

    I can access the hardrive through internet explorer or by opening open office document then hitting cancel.This gives me access to WINNT and all the other goddies.

    Well is there a manual way of turning off admin rights or I'm stuck and have to go snooping around.splat splat

  2. #2
    I believe, although I could be wrong... all these are stored in the Registry

    Hkey_Local Machine >software >microsoft >windows> current version > polices

    But without access to regedit and the control panel this will be hard

  3. #3
    I would have to find a back way to get to regedit, that's probably going to be the hard part.

    Is there any programs that I can get if I can't do it manually.

  4. #4
    I don't know about of any programs that will allow you access to the registry and bypass the restrictions so you can modify them. Yes there are programs that will let you view the registry but you need to modify it.... If you find one, please let me know.

    How is the network setup there might be another way to get admin's rights?

  5. #5
    Junior Member
    Join Date
    Aug 2001

    Smile other programs that might help you

    Hi there,

    An easy way to limit your administrator is to use some of microsoft's own programs...

    you can either use GPO (group policies) which are relatively good if you are working with a win2k server and/or workstations. The only thing is that you have to deploy it afterwards. this shouldn't be a big problem but you have to check if you are deploying to a share (link) or a container.

    the other option is to use something like the IEAK from MS. it allows you to configure and restrict any access to key system files like the winnt or c:\drive. You have to be careful because you can lock yourself out and in order to come back to the original state, you have to go into the registry and unlock it manually (there's about 50 keys in nt4 and <80 in win2k). the IEAK creates a customized IE and shell to restrict users from accessing the stuff you want to hide.

    the keys are created in the hkey_current_user and hkey_users (admin one S-xxx-xxx)

    the fun part of using any is that you don't have to spend hours playing with the registry. but the danger is the fact that you can lock yourself out of your own machine. If you are good with the registry, trust me it's going to be a breaze for you.

    hope this helps...

    ps. you can also check the nsa win2k security/deployment guides and preconfigured inf/gpo if you want the easy way out but you have to be good in reading nsa "coding"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts