peterg70
November 3rd, 2005, 06:33
I thought it might be a worthwhile project documenting how windows XP can be unlocked and accessed when it has been locked down by an administrator in a corporate network.
At work we have SOE machine (Standard operating environment) with Windows XP. All manner of restrictions and lockouts have been installed to reduce people tampering with the setup of the machine.
Examples.
1) No registry editing allowed.
2) Internet Explorer locked to default start page.
3) Administrative tools locked away.
4) Unable to access Network configuration (to configure alternative network)
5) Unable to install hardware/software without administrative rights etc.
Obviously there are ways around everything. The intention is not modify the system in any manner that will be detected (i.e. delete the user.dat/system.dat) etc.
As an example regedit.exe
When running regedit on machine it states that this has been restricted and to contact administrator.
Further delving found that all this is based on the state of a key in the registry. So copy regedit to usb stick and patch function called to check registry key.
Now I have a regedit that allows me to view the data in the registry.
Next trick it to get the administrative console suite (.msc files) and modify them in a similar manner (i.e. run from USB stick) so I can access say the DiskManager without having the administrative access.
Any thoughts or comments are welcome
peterg70
At work we have SOE machine (Standard operating environment) with Windows XP. All manner of restrictions and lockouts have been installed to reduce people tampering with the setup of the machine.
Examples.
1) No registry editing allowed.
2) Internet Explorer locked to default start page.
3) Administrative tools locked away.
4) Unable to access Network configuration (to configure alternative network)
5) Unable to install hardware/software without administrative rights etc.
Obviously there are ways around everything. The intention is not modify the system in any manner that will be detected (i.e. delete the user.dat/system.dat) etc.
As an example regedit.exe
When running regedit on machine it states that this has been restricted and to contact administrator.
Further delving found that all this is based on the state of a key in the registry. So copy regedit to usb stick and patch function called to check registry key.
Now I have a regedit that allows me to view the data in the registry.
Next trick it to get the administrative console suite (.msc files) and modify them in a similar manner (i.e. run from USB stick) so I can access say the DiskManager without having the administrative access.
Any thoughts or comments are welcome
peterg70