Admin Lockouts :/

Discussion in 'Computer Science & Culture' started by JohnDaDon, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. JohnDaDon Registered Member

    Messages:
    4
    Lo there been reading for a week or 2 and u all sound like intelligent ppl

    I have a bit of a problem at work: me and my mate have a PC each with web access, the works. We are unable to open Control Panel or run regedit etc. as it's locked by admin. Now is there any way to bypass this?

    Mine's a Windows XP machine and his is a Win2k.

    I have so far tried merging the relevant keyworks into the registry but this didn't work. I found a vbs script that claimed that it would do it but wouldn't, and couldn't find the key. I downloaded Registry Crawler and noticed that the usual 'DisableRegistryTools' was in a different location to usual, so I edited the script but got another error when trying to write to winshell.

    Here is a copy of the script:


    'Enable/Disable Registry Editing tools
    '© Doug Knox - rev 12/06/99

    Option Explicit

    'Declare variables
    Dim WSHShell, n, MyBox, p, t, mustboot, errnum, vers
    Dim enab, disab, jobfunc, itemtype

    Set WSHShell = WScript.CreateObject("WScript.Shell")
    p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"
    p = p & "DisableRegistryTools"
    itemtype = "REG_DWORD"
    mustboot = "Log off and back on, or restart your pc to" & vbCR & "effect the changes"
    enab = "ENABLED"
    disab = "DISABLED"
    jobfunc = "Registry Editing Tools are now "

    'This section tries to read the registry key value. If not present an
    'error is generated. Normal error return should be 0 if value is
    'present
    t = "Confirmation"
    Err.Clear
    On Error Resume Next
    n = WSHShell.RegRead (p)
    'Capture the error number before On Error Goto 0, which resets Err
    errnum = Err.Number
    On Error Goto 0

    If errnum <> 0 Then
        'Create the registry key value for DisableRegistryTools with value 0
        WSHShell.RegWrite p, 0, itemtype
    End If

    'If the key is present, or was created, it is toggled
    'Confirmations can be disabled by commenting out
    'the two MyBox lines below

    If n = 0 Then
        n = 1
        WSHShell.RegWrite p, n, itemtype
        MyBox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
    ElseIf n = 1 Then
        n = 0
        WSHShell.RegWrite p, n, itemtype
        MyBox = MsgBox(jobfunc & enab & vbCR & mustboot, 4096, t)
    End If

    Would appreciate a little help with this

  3. Persol I am the great and mighty Zo. Registered Senior Member

    Messages:
    5,946
    Not sure if it works when regedit is shut off, but...

    Go to a machine to which you have access. Open regedit and export the keys that turn regedit on. Then run this file on the locked machine.

    I vaguely recall this working before.

    As for your script, the line:
    p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\"
    has an extra space in the middle of the word policies
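
Added example, not part of the original thread or of Doug Knox's script: from the administrator's side, writes to the `DisableRegistryTools` value discussed above can be picked out of registry audit records. It assumes auditing is enabled on the `Policies\System` key so that Security event 4657 is logged; the records, SID, account names and the `expected_writers` parameter are constructed for illustration.

```python
# Added example: flag audited changes to the DisableRegistryTools policy value.
# Records are constructed, simplified forms of Security event 4657.
KEY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"
VALUE_NAME = "disableregistrytools"
OPERATIONS = {"%%1904": "created", "%%1905": "modified", "%%1906": "deleted"}
HIVE = r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1104"  # constructed SID
KEY = HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed sample events; account names are made up.
SAMPLE_EVENTS = [
    {"EventID": 4657, "SubjectUserName": "svc-gpo", "ObjectName": KEY,
     "ObjectValueName": "DisableRegistryTools", "OperationType": "%%1904",
     "NewValue": "1"},
    {"EventID": 4657, "SubjectUserName": "jdoe", "ObjectName": KEY,
     "ObjectValueName": "DisableRegistryTools", "OperationType": "%%1905",
     "NewValue": "0"},
    {"EventID": 4657, "SubjectUserName": "jdoe", "ObjectName": KEY,
     "ObjectValueName": "Wallpaper", "OperationType": "%%1905",
     "NewValue": "-"},   # other value in the same key: ignored
    {"EventID": 4657, "SubjectUserName": "jdoe", "ObjectName": KEY,
     "ObjectValueName": "DisableRegistryTools", "OperationType": "%%1906",
     "NewValue": "-"},
]


def policy_changes(events, expected_writers=()):
    """Return one finding per audited write to DisableRegistryTools."""
    expected = {w.lower() for w in expected_writers}
    findings = []
    for ev in events:
        if ev.get("EventID") != 4657:
            continue
        if not ev.get("ObjectName", "").lower().endswith(KEY_SUFFIX):
            continue
        if ev.get("ObjectValueName", "").lower() != VALUE_NAME:
            continue
        op = OPERATIONS.get(ev.get("OperationType"), "unknown")
        # Deleting the value or setting it to 0 turns the restriction off.
        lifted = op == "deleted" or ev.get("NewValue", "").strip() == "0"
        user = ev.get("SubjectUserName", "?")
        findings.append({"user": user, "operation": op,
                         "effect": "lifted" if lifted else "set",
                         "unexpected_writer": user.lower() not in expected})
    return findings


if __name__ == "__main__":
    for finding in policy_changes(SAMPLE_EVENTS, expected_writers={"svc-gpo"}):
        print(finding)
```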
     
  5. JohnDaDon Registered Member

    Messages:
    4
    Cheers for the reply

    I have also tried creating a new key or exporting one and merging it, but registry merging has also been disabled. Well spotted on the script, I will have to amend this and give it a go. Also I'm going to try running gpedit.msc straight from windows/system32, but I'm certain this will also be disallowed.

    I could go the route of placing a keylogger on it and asking the admin to remotely connect and do something then steal the pass, but I don't want to be accused of something like that :0)
     
  7. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    A way I found round a college computer involved using a premade .EXE

    The system had the admin lock off .EXE's from being downloaded onto the machine (along with not being able to edit systems configurations, or right click etc)

    However I found that if you placed a .EXE into a ZIP file, and open the ZIP file by using the "Open With" command, I was able to circumnavigate the Winzip installation and use the inbuilt XP folder decompression. This meant that when XP accessed the file in the ZIP folder, it had at least the EXECUTION level from the system to run .EXE's.

    In the instance that I used it, I zipped up a copy of MSCONFIG.exe from another system, along of course with REGEDIT.exe, both these programs could run and be used to alter settings bypassing the script method of altering them.

    [EDIT]
    I messed up my original post a little. Basically XP thinks that EXE's in Compressed folders when opened with XP's internal Compression systems believe the EXE to be a proportion of the SYSTEM that is already installed and ALLOWED. It bypasses the privilege mechanism that trying to download an EXE in a secured environment would otherwise enforce.

    The system I played with had Winzip installed, so that had been made the default ZIP opening program which is why I mentioned using a different OPEN command when dealing with a zipped folder.
     
    Last edited: Jun 21, 2004
  8. JohnDaDon Registered Member

    Messages:
    4
    Stryderunknown that's a very interesting method you have there, will definitely give this a go, cheers
     
  9. JohnDaDon Registered Member

    Messages:
    4
    I tried that method and there's still no joy. I'm really stuck on what to try next, would really appreciate some help
     
  10. Kunax Sciforums:Reality not required Registered Senior Member

    Messages:
    2,385
    Why do you want admin access, why don't you just ask tech support?

    Getting admin access with a simple reg hack would be beyond laughable
     
  11. §outh§tar is feeling caustic Registered Senior Member

    Messages:
    4,832
    ^^ I agree.

    Wouldn't work that way. You should try brute forcing, I have a couple of tools that might help and there's always Ctrl+Alt+Del at the logon screen, where the manufacturer may have provided hidden users. That is, if the PC was purchased with XP on it.

    If not, there are other methods but I forget right now..
     