i have a corporate laptop with windows xp in it. further it has got installed symnatec endpoint protection. whenever i try to open facebook etc it is blocked. i suspect that it is because of symantec protection. so i tried disabling it only to find that the options are greyed. so i searched internet and used the net user command to view my user accounts. i could see 4-5 accounts all administrator. so i changed the password of them using the trick given on the site(space + shift + *). i changed the passwords of the account(which are of the type administrator). i logged into them and then tried changing the setting of symantec , but i was not able to. i one by one logged into each account available , but in vain. then i read that the INBUILT ADMINISTRATOR account is sometimes disabled. so i enabled it from the registry editor. but still i was not able to see any Administrator account and neither was able to change the symantec settings. all i want to know is what kind of policy/technique possibly has been used by system administrators. ? how to override it ?
If you have a corporate laptop, it is probably connected to a domain. In this setup, certain settings can be set on the domain level and protected from the users (even admins) of the local machines.
I think that in principle it should be overridable, at least by modifying the registry, which is where Windows ultimately get their settings from. I cannot assist in that, as I've never tried to do so, but even if you succeed in overriding it, you would probably break your company policies. Think twice whether you actually want to do that.
Also, the block on Facebook is probably not coming from a locally installed application. It is more likely to be coming from a corporate firewall that stands between you and the Internet. In which case, nothing you do on your laptop will get you through. You would have to connect from home, or from a device not connected to the corporate network, like your cell phone or a tablet.
The Symantec Endpoint Protection software on my corporate laptop is governed by a group policy set within the Active Directory (at least, I think that is where group policies are maintained), most likely yours is set up the same. Logging in as the various admin accounts won't help you change that, you'd have to get into Active Directory and change it there.
And I agree with Martin that I would think twice about changing the settings (even if you could find them). After all, the corporation owns that laptop, not you. (By the way, you will want to change the passwords back to their originals, you could get into trouble if your IT department finds out it no longer has access to your laptop to install updates or debug issues and whatnot.)
And are you attempting to access Facebook while on the corporate network, or from outside the network? If from the corporate network, it could be that the corporate firewall is blocking access.
If you have a legitimate business need to access Facebook at work, have your manager contact the IT department and put in a request. I did this once before when I needed access to a CVS repository. The IT department set up a special computer outside of the corporate firewall so that I could gain access. I had to sneaker-net files between that PC and mine, not ideal but it got the job done.
IANAL, and I don't know where you are, but listen to @fred. In the US, when the company issues you a computer, its their computer. Period. They let you use it. They set the policies. If you want to be on Facebook, play World of Warcraft or watch porn, buy your own computer.
thanks everybody for their replies and i understand the consequences of violating the terms and conditions of the company. actually i am curious to know that how did they blocked settings of symantec endpoint protection to even administrators. i just wanted to know how they did it, because i thought if you log on as administrator you can do anything. i have always abided by the company policies and will continue to do so .
The Administrator account on a PC has full privileges, until you join that PC to a domain. Then only the domain admin has full privileges and he (or she) controls via group policy what your local admin account is and is not allowed to do. And even when you are not on the corporate network, and even if you create a non-domain admin account, you are still bound by those restrictions. Anything less that that and Microsoft would have a hard time convincing corporate IT departments to use their OS.