I have a script on my computer that will not only disable all Windows 2000 policy restrictions, but will also delete all accounts on the policy server with Administrator user profiles. Oh, and of course, you can run this on a restricted system, without any administrator passwords. (The script asks whether you want Administrator accounts deleted, I only did it once, when they started to catch on.)

Our school has the same sort of setup as yours. We had the policy system down in 2 weeks, we had the Webmarshall program giving us full access in a month, and a month after that, we managed to remotely uninstall Webmarshall completely. (Although when we did we accidentally lost all internet access. They reinstalled it, got it back up, and we took it down again, this time, without any port blocking, and general internet maintained.)

So Raynar, do not rely on that Windows 2000 policy system, because it's laughably easy to get around.


Anyway, next year, they try again. Webmarshall is back, and in full force. Everything is locked down, and my script stopped working. Me and my security bustin group of friends call a meeting on AIM, and we discuss our plan of attack. What did we discover? We found that you could flood the system with incorrect access requests (disguised as a poor freshman, btw), and it would eventually freeze the policy system on the server. When that happened, Services.exe restarted the policy server, as it should, except for some moronic reason, the settings were not restored. Everyone was given complete access. First thing we did was cover our tracks, deleting everything in the Event Log. We had fun for the day, then went home and got on AIM again. Our programming master of the group wrote a program that would install and run VNC on the remote server, and would automatically open a specific port for VNC to run on, regardless of whether it had been previously disabled. We discovered that the school's hardware routers stopped us from accessing the server from home, but we could still access it via the school network.

Did I mention we all have laptops, and my group of friends all have the ability to command control of any freshman laptop as long as they are on the net? Yeah. The freshmen have new WinXP laptops, and the programming friend just wrote a script that travelled through email that would automatically enable Remote Desktop Sharing and accept all logins. Damn, that was a fun year.

And we still have one more year of terror (Two for some of the guys in the group. They're thinking of starting a legacy in the school, but I'm not concenred about it.)

------------------
"The future is not determined by a throw of the dice, but is determined by the conscious decisions of you and me."
I am addicted to ellipses!!! AHHH!!! ...
Make Sorrowind Worthwhile... join it! http://sorrowind.net

CM, that sounds like some of the **** the guys and I used to pull at ITT.. Right down to using VNC to screw around with all the fresh blood!

------------------
Dear lady, can you hear the wind blow, and did you know
Your stairway lies on the whispering wind.
:wq

You guys had security on your computers? hahahaha

We had none and just installed any games we wanted. Half of most lessons were spent playing duke, doom and C&C. Damn teacher was 2nd best in the school at C&C...

The security at my school is a joke. I can pretty much wander around the entire network disabling and destroying computers as I go. Fortunatly I happen to have some restraint.

We only use Novell Client Trust which is also very easy to crack once you can access the command prompt.

My programming class junior year had a fairly decent work ethic and a cool teacher, and when he didn't have anything planned, he often let us play Starcraft and Age of Empires I & II. It took me until the middle of my senior year to finally beat him one-on-one in AOEII, something that no one else has accomplished yet. In Starcraft, he can beat most of the non-Korean students.

Anyway, he had a system where logging on with a Windows profile called "Strategy" would decrypt certain directories on the computers and make the games playable. Our teacher was also the network administrator, and knew far more about computer security than any of us could ever hope to figure out, so we never found a way to actually get through to the games. What we did do was copy the game folders whenever he gave us the password for the Strategy username, and then tried to hide the folder in as many places as possible so we could play on our own usernames. He usually found the folders, but he never managed to get the games completely off the network. The end result was some decreased grades among those who couldn't multitask well enough to play games and learn programming at the same time.

------------------
"Why aren't I'm using at these pictures?" - Cloud, 4/14/02

We encourage students to bring in USB keys to save their work if they want to take it home, or to save it on the network where each student has their own private directory.

Raynar

------------------
Pagewizard_YKS: "making your own lightsaber doesn't make you a nerd... "

Bah, that's prolly just windows NTFS encryption. The encryption itself is very hard to crack, but getting windows to simply decrypt it for you is MUCH easier. All you need to do is force your way into his account. (Note, HIS, not any. It has to be his account, unless his administrator account is somehow actually lower than some God account or something, then that God account would work too, but only if it was higher on the food chain.) After you do that, you change the encryption attribute on the folder, and have fun.

As for GBK: VNC is GOD. You can do damn near anything with it. One of the guys managed to Lindows on it (so no reboot on the server ), open an SSH server, hide the Lindows process in windows (simply make it a service), and using the SSH server to tunnel the connection past the proxy server, we were able to access the server from home, upload all our crap to it (via the wonderful SSH compression). That worked so well, it is still in effect right now. They don't want to reformat the server, since it has teacher stuff on there they don't want to destroy. Grades are backed up, and locked away. (By locked away, I mean, they copy all grades onto a CDROM and literally lock it away. Not that we looked for grades or anything ) However, there is other material. They are looking hard for the kid who started it, but they cant find him, because he did it all from home. Anyway, they think the kid wrote some sort of virus they can't delete, and they've already shut down the port we were using for tunneling, but good ole CRON job to the rescue! Edit the .config with a new random port number every day, and automatically upload the new port to a remote server so we know what the new one is

------------------
"The future is not determined by a throw of the dice, but is determined by the conscious decisions of you and me."
I am addicted to ellipses!!! AHHH!!! ...
Make Sorrowind Worthwhile... join it! http://sorrowind.net

Deepfreeze = owned

------------------


---Thomas jefferson, Declaration of Independance.

My friends and I get unrestricted access to the system cause we help out in the A/V department. hehe.

All you need at our computer is right click. The restrictions are all pretty little icons on the system tray. All you do is go to the daycare comp-lab with one of the childcare-student's usernames, use their right clicking abilities, close out of the programs, and set up your own account, mmm mmm good.

JediKirby

------------------
-Proud Leader of the Minnessassian Council
<]-[ellequin> Nothing is quite as satisfying as placing a .177 lead pellet in between the eyes of a cat.
<]-[ellequin> I think I will leave it's corpse there, to warn all the other cats to keep out of my hibiscus patch

Live on, Adam.

CM, teach me you god.

------------------
There is no signature

There is much to teach, young Padawan.

The best way: Get a junk system, and lock it down with the best security you can possibly think of. Then, have a friend change the password of everything to something else, and give him instructions not to tell you until you've cracked it. Then all you do is hook the system up to your home network, and start weaving your way in. Once you do that, take it to your friends house, have him run it there on his broadband, so you can try it over the net, since its quite different, with ports and all.

You'll get quite proficient that way.

------------------
"The future is not determined by a throw of the dice, but is determined by the conscious decisions of you and me."
I am addicted to ellipses!!! AHHH!!! ...
Make Sorrowind Worthwhile... join it! http://sorrowind.net

...You dont need a friend, PW... Just use really long and onoxious random passwords, and forget to write them down...

------------------
Dear lady, can you hear the wind blow, and did you know
Your stairway lies on the whispering wind.
:wq

PW?! I feel insulted!

And as for long passwords, good luck on that. Do that on a Win2k system, and I'll just reset the password.

------------------
"The future is not determined by a throw of the dice, but is determined by the conscious decisions of you and me."
I am addicted to ellipses!!! AHHH!!! ...
Make Sorrowind Worthwhile... join it! http://sorrowind.net

You got AIM?

------------------
There is no signature