
Domain Administrator, has no rights on Local Machine

Status
Not open for further replies.

FlavesEnt

MIS
Mar 2, 2004
21
US
Hello all.

I am an administrator for a K-12 school. A "clever" student has recently figured out how to change one system on a laptop cart that we have, which disables any user from having more than basic privileges on the machine.

For instance, as a Domain Admin, I actually have no rights. I cannot access User Accounts in Control Panel, and do not have any more rights than one of the basic users.

Students have restricted accounts that we run via group policy on the domain.

All the laptops have no CD or Floppy drive, however, students have USB Flash Drives, which they can access data on.

The Local Administrator account is gone in Documents and Settings, however a folder named DIESEL appears.

I can find no trace of any programs installed on the machine that would allow hacking of the system.

At this point I will probably have to rebuild the system, unless a more appropriate solution can be offered.

Any help is appreciated.

Thanks.

Dan
 
Yeah it's called a paddle.

If anyone calls and says "I know a little something about computers" just tell them to reformat it.
 
We use a program called Deep Freeze and it's saved us a lot of hassle. Don't know enough to help you fix your problem though; we usually have a Ghost image of our computers and reghost them when all else fails.
 
What exactly does Deep Freeze do?

We use Ghost also, but I wanted to try to prevent the problem in the future, and to do that, I would have to find out what exactly the student did, and lock it down.

I was hoping to find out how this could be done, since Group Policy restricts this behavior.
 
It is an easy use of Google to find software utilities to change the local Administrator account password to either blank or something else.

As a local Administrator I could make all the changes you describe.

Deep Freeze would certainly work in this instance:
 
As to how the student did it... probably ran a crack against the local SAM database via a jump drive. Once that's done he's got an admin username and password to work with.

Another method to help prevent this is to put a policy in place. Set the policy up so only approved applications can be run on any system. This SHOULD lock out their capability to break any type of encryption...

Another method is having a proxy in place to monitor and block access to specific types of content from the web.
 
Won't work aquias -
The password / SAM editors I have seen run from a small Linux boot.

Group Policy means nothing in this instance.

Now you could block the use of USB pen drive devices, but that is apparently encouraged at this site.
 