This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes General Computing and the fly likes how to solve the mystery behind this ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Engineering » General Computing
Bookmark "how to solve the mystery behind this ?" Watch "how to solve the mystery behind this ?" New topic
Author

how to solve the mystery behind this ?

gurpeet singh
Ranch Hand

Joined: Apr 04, 2012
Posts: 924
    
    1

i have a corporate laptop with windows xp in it. further it has got installed symnatec endpoint protection. whenever i try to open facebook etc it is blocked. i suspect that it is because of symantec protection. so i tried disabling it only to find that the options are greyed. so i searched internet and used the net user command to view my user accounts. i could see 4-5 accounts all administrator. so i changed the password of them using the trick given on the site(space + shift + *). i changed the passwords of the account(which are of the type administrator). i logged into them and then tried changing the setting of symantec , but i was not able to. i one by one logged into each account available , but in vain. then i read that the INBUILT ADMINISTRATOR account is sometimes disabled. so i enabled it from the registry editor. but still i was not able to see any Administrator account and neither was able to change the symantec settings. all i want to know is what kind of policy/technique possibly has been used by system administrators. ? how to override it ?
Martin Vajsar
Sheriff

Joined: Aug 22, 2010
Posts: 3610
    
  60

If you have a corporate laptop, it is probably connected to a domain. In this setup, certain settings can be set on the domain level and protected from the users (even admins) of the local machines.

I think that in principle it should be overridable, at least by modifying the registry, which is where Windows ultimately get their settings from. I cannot assist in that, as I've never tried to do so, but even if you succeed in overriding it, you would probably break your company policies. Think twice whether you actually want to do that.
Steve Luke
Bartender

Joined: Jan 28, 2003
Posts: 4181
    
  21

Also, the block on Facebook is probably not coming from a locally installed application. It is more likely to be coming from a corporate firewall that stands between you and the Internet. In which case, nothing you do on your laptop will get you through. You would have to connect from home, or from a device not connected to the corporate network, like your cell phone or a tablet.


Steve
Peter Johnson
author
Bartender

Joined: May 14, 2008
Posts: 5838
    
    7

The Symantec Endpoint Protection software on my corporate laptop is governed by a group policy set within the Active Directory (at least, I think that is where group policies are maintained), most likely yours is set up the same. Logging in as the various admin accounts won't help you change that, you'd have to get into Active Directory and change it there.

And I agree with Martin that I would think twice about changing the settings (even if you could find them). After all, the corporation owns that laptop, not you. (By the way, you will want to change the passwords back to their originals, you could get into trouble if your IT department finds out it no longer has access to your laptop to install updates or debug issues and whatnot.)

And are you attempting to access Facebook while on the corporate network, or from outside the network? If from the corporate network, it could be that the corporate firewall is blocking access.

If you have a legitimate business need to access Facebook at work, have your manager contact the IT department and put in a request. I did this once before when I needed access to a CVS repository. The IT department set up a special computer outside of the corporate firewall so that I could gain access. I had to sneaker-net files between that PC and mine, not ideal but it got the job done.


JBoss In Action
fred rosenberger
lowercase baba
Bartender

Joined: Oct 02, 2003
Posts: 11447
    
  16

also, be aware that hacking your corporate laptop may be a violation of your conditions of employment.


There are only two hard things in computer science: cache invalidation, naming things, and off-by-one errors
gurpeet singh
Ranch Hand

Joined: Apr 04, 2012
Posts: 924
    
    1

i'am attempting to access facebook from outside the company firewall , from a pubic network. i think Peter may be right regarding the active directory thing.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

IANAL, and I don't know where you are, but listen to @fred. In the US, when the company issues you a computer, its their computer. Period. They let you use it. They set the policies. If you want to be on Facebook, play World of Warcraft or watch porn, buy your own computer.

I have personally fired employees for violating the terms of use on company issued computers.
gurpeet singh
Ranch Hand

Joined: Apr 04, 2012
Posts: 924
    
    1

thanks everybody for their replies and i understand the consequences of violating the terms and conditions of the company. actually i am curious to know that how did they blocked settings of symantec endpoint protection to even administrators. i just wanted to know how they did it, because i thought if you log on as administrator you can do anything. i have always abided by the company policies and will continue to do so .
Peter Johnson
author
Bartender

Joined: May 14, 2008
Posts: 5838
    
    7

The Administrator account on a PC has full privileges, until you join that PC to a domain. Then only the domain admin has full privileges and he (or she) controls via group policy what your local admin account is and is not allowed to do. And even when you are not on the corporate network, and even if you create a non-domain admin account, you are still bound by those restrictions. Anything less that that and Microsoft would have a hard time convincing corporate IT departments to use their OS.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to solve the mystery behind this ?