Work tracking internet history?

I wouldn't recommend doing this. We collect logs here, but rarely search them (unless requested to do so). However, when 2 of our users started using PC Anywhere it was picked up pretty quick.

Stuff like LogMeIn runs over port 80/443 so should only show as web traffic. Still easy for IT bods to spot though.
 
BartPE with one of the various security plug-ins. You can blank local domain passwords and in some cases (depending on how long the local admin password is) just simply retrieve the password, that way you don't have to make something up when IT come along and find their normal one doesn't work.

Boot back up host machine, log into admin account then add your user name to the administrators group. Job done.

Admittedly I've only ever done this on XP machines, not sure if it works on Vista or 7. But there are plenty of tools out there to retrieve or blank the local machine's admin account password.

I assume that would require the user to be able to boot from a CD/USB? Most of our workstations don't have a CD drive, but I guess they could reset the BIOS using the CMOS jumper and then boot to a USB drive with BartPE. I shall do some testing :)
 
BartPE with one of the various security plug-ins. You can blank local domain passwords and in some cases (depending on how long the local admin password is) just simply retrieve the password, that way you don't have to make something up when IT come along and find their normal one doesn't work.

Boot back up host machine, log into admin account then add your user name to the administrators group. Job done.

Admittedly I've only ever done this on XP machines, not sure if it works on Vista or 7. But there are plenty of tools out there to retrieve or blank the local machine's admin account password.

While this works in theory surely once they log back onto the network your GPO will revert the admin group back to what it should be?
 
While this works in theory surely once they log back onto the network your GPO will revert the admin group back to what it should be?

And then shove any monitoring software removed straight back on again?

I get the impression some of these home-brew geeks don't really understand the way things are done in the big wide world
 
BartPE with one of the various security plug-ins. You can blank local domain passwords and in some cases (depending on how long the local admin password is) just simply retrieve the password, that way you don't have to make something up when IT come along and find their normal one doesn't work.

Boot back up host machine, log into admin account then add your user name to the administrators group. Job done.

Admittedly I've only ever done this on XP machines, not sure if it works on Vista or 7. But there are plenty of tools out there to retrieve or blank the local machine's admin account password.

Can you detail which methods / tool is used to retrieve the local admin password please, this would be really handy for me
 
Do a google, it's not difficult to find.

Thanks for the help, but I was kinda hoping the guy who posted he has retrieved Windows passwords would reply, with his method

Resetting a password is easy, extracting / retrieving one I have yet to see a method that actually does this correctly.
 
And then shove any monitoring software removed straight back on again?

I get the impression some of these home-brew geeks don't really understand the way things are done in the big wide world

We know enough that doing this like that is swapping a slap on the wrist for gross misconduct and immediate dismissal.

"And why did you leave your previous position Mr Derpster?"
"Oh I was caught compromising the security of the IT systems hoping to hide my skiving"
 
Thanks for the help, but I was kinda hoping the guy who posted he has retrieved Windows passwords would reply, with his method

Resetting a password is easy, extracting / retrieving one I have yet to see a method that actually does this correctly.

I usually use Ophcrack to retrieve passwords when relatives lock themselves out but it's trivially easy to reset passwords and even create a new admin account on a Windows PC, generally all you need is a live distro of your favourite Linux. The sticky keys trick works well on Win Vista/7 for example.

The information generally crops up on all the standard sites, I'm fairly certain howtogeek.com and lifehacker both ran articles on how to do all this.

You shouldn't though and I can pretty much guarantee that if your IT department are worth their salt they'll spot it pretty quickly and you'll be in quite a bit of trouble.
 
I assume that would require the user to be able to boot from a CD/USB? Most of our workstations don't have a CD drive, but I guess they could reset the BIOS using the CMOS jumper and then boot to a USB drive with BartPE. I shall do some testing :)

Yes that does need doing occasionally as well. You need to enter BIOS and change your primary boot device, if it's passworded just remove the CMOS battery for a bit (the machines at my work have handy easy clips to open them too)
 
While this works in theory surely once they log back onto the network your GPO will revert the admin group back to what it should be?

There are two admin groups, the network one which you cannot change without hacking the network and the local Windows one which has nothing to do with the network login. It is the latter I am changing.

I dunno if a GPO could be written to check and change the local account settings (wouldn't this in itself be a security flaw in Windows?) but it's never happened on the numerous PCs I've done this on at several major companies.

And then shove any monitoring software removed straight back on again?

I get the impression some of these home-brew geeks don't really understand the way things are done in the big wide world

No I understand perfectly, IT departments spend all day fixing printers and setting up new logins. They aren't wasting their time investigating the users or implementing protection against very rare 'threats'.

As I said above, I have done this "in the big wild world" and never been told off or 'caught'.

Thanks for the help, but I was kinda hoping the guy who posted he has retrieved Windows passwords would reply, with his method

Resetting a password is easy, extracting / retrieving one I have yet to see a method that actually does this correctly.

Haven't done this for ages now so can't remember the exact tool name but I'll try and dig out the old CD I made (if I can find it). I do remember though that the password extractor only worked if the admin password is less than 14 characters (past 14 Windows uses a different method for storing it), luckily in my case the password was less and the same for every machine in our building.
 
We know enough that doing this like that is swapping a slap on the wrist for gross misconduct and immediate dismissal.

"And why did you leave your previous position Mr Derpster?"
"Oh I was caught compromising the security of the IT systems hoping to hide my skiving"

If a company fired me for that they would be stupid.

Every single time I've had to 'gain' an admin account it is always because the IT department were taking far too long to fix something I could do in a few minutes.

What would you rather have? Submit a "support call" which can take days to look at and then finally answer, or a bloke in your office who you can just call over and get it fixed there and then?

I have never gained an admin account for any negative reason against a company.

Call me arrogant but I only see the need to restrict account access because you don't want non-computer literate people pressing the wrong button but that doesn't apply to me.
 
There are two admin groups, the network one which you cannot change without hacking the network and the local Windows one which has nothing to do with the network login. It is the latter I am changing.

I dunno if a GPO could be written to check and change the local account settings (wouldn't this in itself be a security flaw in Windows?) but it's never happened on the numerous PCs I've done this on at several major companies.



No I understand perfectly, IT departments spend all day fixing printers and setting up new logins. They aren't wasting their time investigating the users or implementing protection against very rare 'threats'.

As I said above, I have done this "in the big wild world" and never been told off or 'caught'.



Haven't done this for ages now so can't remember the exact tool name but I'll try and dig out the old CD I made (if I can find it). I do remember though that the password extractor only worked if the admin password is less than 14 characters (past 14 Windows uses a different method for storing it), luckily in my case the password was less and the same for every machine in our building.

There is too much wrong with this post to pick it apart but most of what you say above is incorrect.
 
Call me arrogant but I only see the need to restrict account access because you don't want non-computer literate people pressing the wrong button but that doesn't apply to me.

I'd say it applies more so to you than the less computer literate in the office as you're the one more likely to screw something up resulting in a support ticket :p
 
I don't see anything new here tbh, but still I quite like reading threads like this. It helps me to keep arrogant noobs from messing with the corporate network.
 
I'd say it applies more so to you than the less computer literate in the office as you're the one more likely to screw something up resulting in a support ticket :p

As I said, I save our IT department FAR more time than they ever appreciate. I answer 80% of the support calls in my building for them.

The times are gone when the only people who knew how the systems worked were the bods in IT. Nowadays, I find a lot of IT departments are run by oldies who haven't learned anything new since Windows NT came out whilst your standard 20 year old data entry clerk knows a PC inside out and better than the guys in IT.
 