Locked Out

[joker5893]

Hey guys, have a bit of a problem here. I locked myself out of my computer at work. I am running XP. What i did was lock down the computer so only I could log into it. I removed all the local user accounts, and disabled the local admin account. I was having problems with my boss snooping around my computer. So the only account that could get into my computer was my domain admin account. The problem is that the other day i deleted my computer out of Active Directory because it had the old SID. When i came into work the next day my computer had been updated because of patch Tuesday and therefore restarted. When i came in guess what my computer couldn't see the Domain and therefore bringing me to my problem. Anyone have an idea to bust me outta this situation.

[VaKo]

Re-image the machine. Since its not your computer your boss probally has a right to "snoop" about your machine, check with HR.

[joker5893]

Yeah i was hoping i didn't have to rebuild it, but i guess i have too. Your right he prolly does have permission to snoop around my machine, but i rather not anyone but me touch my machine. I work at a school and just think about it, the unlikeness of this to happen is low but it could. Say my boss or anyone else there is looking to get my fired, well someone can throw Child Pron on my computer and guess what my life is over. All they would have to do is throw a little virus in or something just to set off the virus program or just snoop around in my computer and then they have probable cause to accuse me for that stuff on my computer. I know it's a low risk but it still might happen and i'd rather take the proper steps to mitigate the possibility of a sabotage threat.

[Nophix]

It's company equipment, and your boss has every right to monitor it's use. To be honest, if I had you as an employee, and found out you were disabling things such as the domain admin access, you would be terminated on site.

Btw, if they really wanted to get into your machine and do something of the sort, nothing you have done could stop them. They just wait until you leave and get physical access to the box.

The simple answer is to treat people decent, and don't make enemies. Sometimes it means swallowing a good bit of pride, but they usually get there's in the end.

[Sparda]

It's company equipment, and your boss has every right to monitor it's use. To be honest, if I had you as an employee, and found out you were disabling things such as the domain admin access, you would be terminated on site.

That is unfair dismissal.

Would you terminate him for having Wireshark, cain & able or nmap installed on his computer?

In my opinion you fall in to the same category of people who try to get people in trouble for having 'hacker tools' installed.

[DingleBerries]

Would you terminate him for having Wireshark, cain & able or nmap installed on his computer?

I would more than likely fire an employee with Wireshark or Cain installed. I do not need an employee ARP spoofing and capturing others data/passwords. If he was a network admin i can see having those tools, but if all he is processing data, i.e. customer support, there is no reason for him to have that.

BUT

Im pretty sure I would do the same thing. Its really a hard decision.

[Sparda]

I would more than likely fire an employee with Wireshark or Cain installed. I do not need an employee ARP spoofing and capturing others data/passwords. If he was a network admin i can see having those tools, but if all he is processing data, i.e. customer support, there is no reason for him to have that.

BUT

Im pretty sure I would do the same thing. Its really a hard decision.

Customer support could involve any thing. That is my job, I happen to have all these tools installed and my supervisor even knows I do because A) he sees me using them B) I have solved customers problems using them.

If you don't trust your employees, your employees should quit and get a better job.

[VaKo]

It depends, if someone was repeatably abusing company resources by disabling admin access to there machine in this fashion, I would give them a written warning and fire off a policy email to the staff/team. If it carried on, I would fire them or find a way to fire them. It is not unfair dismissal if you are interfering with company resources and this is impacting the running of the company. As for hacker tools, I have loads on my system at work, because they are useful for my job but I had to justify them. If your job is do financal reports or answer the phone then you don't need them, end of story. Yes, you should trust your employees but blind trust is unwise. If I hired someone for an IT job and they used them, I would want to know what they are doing with them before I okay'd it. If they can't justify using them, they remove the tools or re-do their CV.

[joker5893]

Sparda i totally agree with you and i have no idea what Nophix is talking about. Firing someone over that is crazy. I locked down my machine not any of the servers. I am second in command to my boss which is the IT Coordinator for our school District. So i think i have the right to protect my machine. If he wants to monitor something do it under my supervision and its all good. If he wants to look around for something so be it, but i want to be there when he does it. Currently his job is in jeopardy because he's not completing the tasks he suppose to be doing. So i pose a threat to him as taking over his job if the Superintendent sees that to fit. I too have wireshark, nmap and cain and abel installed on my computer and my boss has questioned me about it before. The problem is that he's not aware that these tools can be used for good use in finding certain problems. But anyways we are getting all ethical here and that wasn't the point of the post. The post was served to help me find a solution to my problem not question my ethic's.

[DingleBerries]

I am second in command to my boss which is the IT Coordinator for our school District. So i think i have the right to protect my machine.

That makes a big difference, if youre in charge of making sure things work then yeah these tools can be of great use. In fact I use then all to monitor my botnets, not mine but storm and kraken. The problem occurs when you have some one with intentions not so savoury.

[Sparda]

Forgot to mention, I also disabled the local admin account on my domain computer at work. Not to prevent 'snooping', but because my supervisor and the other guy I work with mess with each others computers, and he knows it's disabled (unless safe mode is used). No one is a domain admin at where I work. That is a dumb group to use.

[VaKo]

Never mix office politics with anything. In your case, your boss still has the right to access your machine, as its an office machine and he is your boss. Like many geeks your looking for a technical solution to a non-technical problem, and in this case not giving him reason to hate you enough to put childporn on your computer should be a goal. Even if you can't stand the man, you have to work with him until the point one of you is fired. Be professional and if you are worried this might happen cover you back and talk to the superintendent about the problems you having with him before your trying to explain the situation to HR/the cops. And as your 2nd in command to him, I still have to point out that you should have known that what you did was technically quite poor, at least have the local admin enabled.

[Sparda]

at least have the local admin enabled.

You mean "at most"?