Fog Creek Software
Discussion Board




Windows Admin rights

My current client wants me to use their computers instead of my own (they're a defense contractor) but it was OK to bring my own Wacom tablet in. However, the driver can only be installed by someone with admin rights and all their computer users don't have those rights. You have to use their system of bureaucratic hyper-rationalism to submit a software install request form and why it's needed, who's going to pay for it, etc., etc., etc.

Is there any other way I can just 'get it done'?

Interaction Architect
Saturday, April 17, 2004

If you don't have the local admin password you're going to have to go through the bureaucracy. Doesn't seem that unreasonable to me as long as they deal with the requests within 24 hours or less.

Stephen Jones
Saturday, April 17, 2004

A few ways that may work (in increasing order of effort):

1) Try the bureaucracy! This is a client site so I really wouldn't recommend breaking the rules, even if they seem silly.

2) Back up C:\WINNT\SYSTEM32\logon.scr and try to overwrite it with your installer. This is the logon screensaver, and often runs with admin privileges.

3) Move C:\WINNT\SYSTEM32\SAM\config\SAM somewhere else, reboot, and the local account "administrator" should have a blank password. Restore the original SAM file when you're done.

The SAM file is locked while Windows is running.
Ways to get around this:

a) Try WipeOut->Miscellaneous. http://securitysoftware.cc/Programs/WipeOut.exe

b) Boot from a floppy with an NTFS driver, such as http://www.sysinternals.com/ntw2k/freeware/ntfsdospro.shtml . There are free Linux-based alternatives but I wouldn't recommend them if you want to be able to restore the original SAM file.
(Assumes there is a floppy drive and boot from floppy is enabled in the BIOS. Though there are ways of getting around the BIOS issue...).

c) Boot from something else with the floppy image, e.g. CD, USB-key (again hardware and BIOS dependent).

d) Remove the hard disk and mount it as a slave on a machine where you do have admin. (This assumes they aren't using an encrypted file-system.) chkdsk will probably want to run when you return the drive to the client machine; this is normal.

4) Crack the password from the SAM file with e.g. l0phtcrack. Probably not worth it if they used a decent password, and if 3) doesn't work you probably won't be able to get at the SAM file.

Now you know why laptops with sensitive stuff should use encryption!

MugsGame
Saturday, April 17, 2004
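
A defender's view of option 2 in the post above, as an added example that is not part of the original thread: overwriting logon.scr only works if the file's ACL lets a non-admin write to it, so this Python check parses `icacls` output for that file and flags such entries. The trusted-principal list, the function name and both sample outputs are constructed assumptions.

```python
import re

# Principals expected to hold write access to system binaries
# (assumption; adjust to your own baseline).
TRUSTED = {"nt service\\trustedinstaller", "nt authority\\system",
           "builtin\\administrators"}
# icacls right codes that allow replacing or re-permissioning a file.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "GW", "GA", "WDAC", "WO"}
# Parenthesised groups that are inheritance flags, not rights.
FLAGS = {"I", "OI", "CI", "IO", "NP"}

def writable_by_untrusted(icacls_output, path):
    """Return [(principal, rights)] for allow-ACEs that let a
    non-trusted principal overwrite `path`."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE shares the path's line
        principal, sep, ace = line.partition(":(")
        if not sep:
            continue  # blank line or the "Successfully processed" summary
        groups = re.findall(r"\(([^)]*)\)", "(" + ace)
        if "DENY" in groups or "N" in groups:
            continue  # deny / no-access entries grant nothing
        rights = set()
        for group in groups:
            if group not in FLAGS:
                rights.update(r.strip() for r in group.split(","))
        risky = sorted(rights & WRITE_RIGHTS)
        if risky and principal.lower() not in TRUSTED:
            findings.append((principal, risky))
    return findings

PATH = r"C:\WINNT\SYSTEM32\logon.scr"
# Constructed sample outputs, not captured from a real machine.
HARDENED = r"""C:\WINNT\SYSTEM32\logon.scr BUILTIN\Administrators:(F)
                            NT AUTHORITY\SYSTEM:(F)
                            BUILTIN\Users:(RX)

Successfully processed 1 files; Failed processing 0 files
"""
WEAK = r"""C:\WINNT\SYSTEM32\logon.scr BUILTIN\Administrators:(F)
                            NT AUTHORITY\SYSTEM:(F)
                            BUILTIN\Power Users:(M)
                            BUILTIN\Users:(I)(RX,W)
"""
```
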

Thanks. I have a feeling that breaking their rules would propel me to escape velocity - I guess I'll bow to the 'system'.

Interaction Architect
Saturday, April 17, 2004

Look at the bright side; at least they're a client, and you'll get to leave someday. But pity the poor saps who work there...

Kyralessa
Monday, April 19, 2004

Would you want any old user to be able to store any old driver? What happens the day they walk in with some portable mass storage device, install the driver for it and then steal all the juiciest corporate data?

John Topley (www.johntopley.com)
Wednesday, April 21, 2004

Actually, the drivers for most mass storage devices are probably installed by default. And once you have some form of networking there are numerous covert channels. So it really comes down to how much they trust their employees.

MugsGame
Monday, April 26, 2004
