Anyone good with these types of things? It's not a venue that I've really pursued on my own.

Here's the deal...
Where I work is entrenched with a bunch of Novell crap. The novell handles the domain controllers, user authentication, managing resources, etc. That's one thing which M$ actually does well in my opinion compared to Novell.

Anyway, I have a locked down computer. I can't even change the theme from Windows XP to Windows Classic it's locked down so much. But they did a crappy job locking it down...

Even though the Novell policies run, I can still open up a MS management panel (gpedit.msc) to edit/add some group policies. In there I found one where I could force the theme to be Windows Classic. After a reboot I found that the MS policy runs after the Novell junk and my little "hack" set my theme to Windows Classic.

I still need to do other things though, and I was hoping I could do it with this MS group policy editor since I have access to run it and apply changes from it.

Some things I'm looking to do are:

-Gain access to start/stop/modify services (to kill off about 20 unneeded processes)
-Gain access to use other administrative tools (none currently show up for me)
-Other misc local settings to the computer.

Also, these policies run on the computer as a whole. Even if I bypass the domain and logon to the computer locally as the local admin I still can't change the damn theme. So I'm looking for a solution that I can apply regardless of the user.


Does anyone have any ideas?

if the policies were set on an active directory server, you are pretty much SOL, until the server has those accesses disabled the local computer wont let you change em

Thanks for the reply. But how was I able to change my theme which is currently locked down? I just happened to stumble upon gpedit.msc set the policy and it worked.

And don't forget, this is Novell locking things down, but I was unable to unlock one using Microsoft's tools. I might have a little sneaky way to do it.

Due to the dual types of policies running on the PC, I'm hoping I can add an other MS one for Admin Tools which might override Novell's just like I did for the themes. The problem is, I don't even know where to change the MS one to add more access to Admin Tools.

Regardless if I have access or not, using microsoft's utilities, where could I grant access to admin tools. Is it possible to set that locally (if I had access), or can that only be set on the domain controller?


I know this is kind of confusing. Let me know if I need to further clarify.
Thank you.
-t

Elevating your access rights. Something I'm good at.

Do you have access to the registry editor?

Check here for ways to get access back.

Try this to get services.msc back.

You can also edit startup/programs entries in
go to run
msconfig.exe

Do you have access to your local user manager?
go to run
lusrmgr.msc

also
go to run
cmd.exe

if you can't get into cmd.exe
try going to run
command.com

Also just for shits and giggles
go to run
control userpasswords2


Can you get access to any of these programs? Knowing what tools you have available will give me a better idea of what you need to do to restore access rights.

Yes, I have full access to the registry. I can already run services.msc, I just don't have access to start/stop certain services like pain in the ass McAfee. I can also run a command window.

They did a crappy job locking this down. For example it was preventing me from installing the Administrative Tools control panel in my start menu or control panel. I can run the actually utilities from the Run window, but not have them on my start menu. BUT, if I go to the local administrator user's My Documents folder, I can copy their start menu/administratrive tools folder and then past it my my users start menu and now I can access them more quickly.

Thanks for the response. Basically where I am at is that i can run or install almost anything. It just that certain things are disabled like shutting down crappy services. Also, since I was able to use a MS policy to override a Novell local policy, I was hoping I could do more of that to get more access.

Ahh gotcha.

Well try this:

run --> gpedit.msc

Local Computer Policy
Expand Computer Configuration
Expand Windows Settings
Expand Security Settings
Expand Software Restriction Policies
Right Click Additional Rules
New Path Rule...
Browse to the directory of where the program you want to prevent from running is.
Make sure it is set to disallowed.
Hit apply.
Repeat for any other pesky programs you want to disallow.

Restart your PC.

Here is how I disabled the annoying nag screen that used to pop up every time Avira loaded. Try this for Mcafee.

Thanks for the help V.V.

I didn't know where to add in extra policies for what I needed but that helped.

Adding that entry for the path to McAffee didn't totally help. It delayed the starting of the service, but after about 10 minutes it would start up, but it didn't start immediately now. I think Novell G.P. is taking over after awhile...

Since McAfee's not starting immediately any more I can now rename McAffee's executable files since they're not in use yet. Adding a nice .bak file extension changed them enough that it doesn't load it.

To check that it's really no loading, McAfee is neither started nor stopped in services.msc, just blank. Also in the Event Viewer, there is this nice tidbit:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 4/21/2009
Time: 10:51:14 AM
User: N/A
Computer: XXXXXXXXXXXX
Description:
The McAfee Framework Service service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsof.../fwlink/events.asp

Are they any microsoft policies that I can added to grant me more admin privileges?