I work in IT for a local school. The people who supplied the computers (win98SE) have setup a 'lock down' so that pupils can't logon to local machine.
One of their PCs needs a new motherboard and in order to change it and set up drivers for the new NIC I need to logon to the local machine, then when I've loaded all the motherboard resources and other drivers, I'll set it back to logon to domain with the same 'lock down'. Lock down = disabling esc function at Domain logon window.

Does anyone know how I change the settings in DOS to enable local logon? The PC supplier say it is not possible but I think it is.
Cheers

ap0stle, Welcome to Windrivers.

I find it hard to believe that an authorised person would not be able to logon locally. Who is the pc supplier and why do they assure you it is not possible?

Sounds like you got poledit running. Login to the network, with a floppy disk having poledit.exe and an adequate admin.adm file and you can open the policy, and uncheck the login option that requires Network authentication...I think you can also do something like this in safe mode, in fact, I bet you can manually edit the registry to remove this requirement in normal mode...I will poke around.

If you've never used poledit you may need to poke around a bit...But it's easy once you find what you are looking for.

Ok, the registry key that Poledit sets up is at HKLM/network/login the string name is MustBeValidated , should have a value of 1. Either set that to zero, or just delete the string. If you go into safe mode you can get on locally and edit this string, so that when you go back in under normal mode you can function locally, and without a network connection.

This is all presuming that this is poledit we are facing, and not some 3rd party solution…

Gotta agree with Noo here. Sounds fishy.

You should just reinstall windows and then apply the policy again seeing how it's new hardware. Then you wouldn't have this problem

Gotta agree with Noo here. Sounds fishy.

You should just reinstall windows and then apply the policy again seeing how it's new hardware. Then you wouldn't have this problem

I am right this time... :thumbs:

If you can't connect to the registry with the machine up you can dump the registry in dos, edit one line for group policy processing, recompile the registry, and boot to a machine with gp disabled.

Ok, the registry key that Poledit sets up is at HKLM/network/login the string name is MustBeValidated , should have a value of 1. Either set that to zero, or just delete the string. If you go into safe mode you can get on locally and edit this string, so that when you go back in under normal mode you can function locally, and without a network connection.

This is all presuming that this is poledit we are facing, and not some 3rd party solution…

Yep. I can boot into dos and using edit.com I can see the admin.adm file with a bunch load of settings
I have attached the file <scanned with nav 30th Mar defs>

If you guys can tell me what to change, so that I can logon locally, you'll be my saviour!

Sorry Can't attach file! And too big to paste!

Boot into Windows safe mode, (Not DOS)!!! Then edit the registry string I told you about above!!! :thumbs:

Boot into Windows safe mode, (Not DOS)!!! Then edit the registry string I told you about above!!! :thumbs:


I can't boot into Windows at all! All I get is domain logon.Esc key does not work because it has been disabled by poledit

I don't know how to edit poledit, cheers

I can't boot into Windows at all! All I get is domain logon.Esc key does not work because it has been disabled by poledit

I don't know how to edit poledit, cheers

Safe mode does not ask for a domain login.....

As the machine starts up, after BIOS, start hitting the F8 key until you get a menu come up. Choose Safe Mode. Windows will load with minimal drivers, but you will be able to get into the Registry.

If anyone has a more descriptive/nicer way to get into Safe Mode, please post! :thumbs2:

Sorry, I new this. I can boot in safe mode but admin functionality is disabled. I can boot into windows in a very crippled safe mode.
I can't run regedit for example

In other words. How do I edit the registry when I don't have admin rights because they are set I presume by poledit.

I can't run poledit either.

I can view the admin.adm file in edit.

I have deleted all the settings under category 'network'

Still no joy.

OK, its quite obvious to me you are NOT an authorised admin of the system. Please go and get yourself authorised and quit trying to break something that clearly you have no right to do.

OK, its quite obvious to me you are NOT an authorised admin of the system. Please go and get yourself authorised and quit trying to break something that clearly you have no right to do.

Didn't like to say it..... :sad:

Then report the post and I will say it, it is what I am here for!

Then report the post and I will say it, it is what I am here for!

Am suitably chastised. ;)

Then report the post and I will say it, it is what I am here for!
I thought from your first post you HAD said it :D

Too much police work...the dude is there for a repair, and he needs our help. Apparently he went to the supplier (the place that implemented the policy), and it seems that they don't want him to muscle in, and take their client away. Well, fair is fair, he was hired by the school to change this MoBo out...his words. Are we really going to go down this high and mighty road were we won't offer him help?

I could see if he came in here and said "I stole this computer from the local school, now I want to get by the password protection, can you all assist me in this crime?" But he didn't. To the best of my ability I believe he is just a tech trying to get a nut (or is that squirrel), and we should look past our skepticism, and get this guy some help!!!

Too much police work...the dude is there for a repair, and he needs our help. Apparently he went to the supplier (the place that implemented the policy), and it seems that they don't want him to muscle in, and take their client away. Well, fair is fair, he was hired by the school to change this MoBo out...his words. Are we really going to go down this high and mighty road were we won't offer him help?

I could see if he came in here and said "I stole this computer from the local school, now I want to get by the password protection, can you all assist me in this crime?" But he didn't. To the best of my ability I believe he is just a tech trying to get a nut (or is that squirrel), and we should look past our skepticism, and get this guy some help!!!
The proper way to get to that "NUT" as you call it would be to install a fresh copy of windows and then implement that security policy after it was installed. Plus why is he changing a motherboard on an operational computer? Just lots of inconsistancies that I see. My 0.04

Yes I know I don't have admin rights

The company who supplied the computers have tightened up policies so that the students don't mess around with settings.

My job is to replace a motherboard

I don't think you understand my original intention is good and honest.

I'm trying to save a school from being ripped off by a company who has supplied a computer that has failed and who want to charge £200 for changing a policy setting so that I can replace the motherboard

The proper way to get to that "NUT" as you call it would be to install a fresh copy of windows and then implement that security policy after it was installed. Plus why is he changing a motherboard on an operational computer? Just lots of inconsistancies that I see. My 0.04

3 cents...(change back) :p

I have been involved with the school since 2001 and have saved them a lot of money.

I have been in the computer business since 1989.

This machine needs a new motherboard. I have diagnosed it correctly.

Having assembled over 5000 computers in my time and diagnosed twice as many, I do this blindfolded.

But... when it comes to policies yeuch!

Yes I know I don't have admin rights

The company who supplied the computers have tightened up policies so that the students don't mess around with settings.

My job is to replace a motherboard

I don't think you understand my original intention is good and honest.

I'm trying to save a school from being ripped off by a company who has supplied a computer that has failed and who want to charge £200 for changing a policy setting so that I can replace the motherboard

I'm with ya, unfortunately I think this is a little more robust then I once perceived. If policy is running in safe mode, I have to wonder if we have a 3rd party app or something.

Going along the lines, I think you need to get the school to file a complaint with the supply company, insisting that they offer a solution past their security setting at no cost. It seems only fair...and if they don't, threaten to and follow through with reporting them to a consumer alert agency, or government protection group against fraud...that's what I would do if you end up unable to figure this out...

Not to mention, if the MoBo is failing, they should replace under warrantee, unless that has run out. Either way, your school owns the PC’s, they need to offer the solution, or the school needs to buy from someone else, and sue the pants off of the supplier…

I have been involved with the school since 2001 and have saved them a lot of money.

I have been in the computer business since 1989.

This machine needs a new motherboard. I have diagnosed it correctly.

Having assembled over 5000 computers in my time and diagnosed twice as many, I do this blindfolded.

But... when it comes to policies yeuch!
So why not just do a fresh install of windows OR get an admin at the school to login and change the policy (if in fact that is what it is and not a 3rd party app as mentioned above). Swapping hardware like that is bad for an os (unless it's the exact same model in which case this is a witch hunt!)

So, I've come in full circle back to where I started a month ago.

The school has no 'admin' except me.

As you realise, changing hardware on a 'locked down' system is tricky.
But the company conncerned know they have us over a barrel and are rubbing their hands in glee that they will get a lot of money for a PC that has failed.

This is typical of the way selfish people think. Give me, give me, give me.

I will crack this

Thanks anyway

I will crack this

Thanks anyway

When you do get a way around this, please let me know. I for one am quite interested...

Something I am wondering, is it possible to run Poledit from within windows, or no? We never really discussed if you could do that or not.

Also, describe some of the many restrictions you have encountered. It might make it easier to identify what sort of program/policy is being used.

And something else, I wonder if you would be able to execute any *.reg files. If that's the case, create a text file, give it a .reg file extension, then run it...inporting a setting, without actually opening regedit.


This is what I would use in the file for 95, should work in 98:



[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000000

Run that logged into the network, then logout, should let you hit the escape key to get to the local desktop...then we just need to figure out how to turn everything else off...

So, I've come in full circle back to where I started a month ago.

The school has no 'admin' except me.

As you realise, changing hardware on a 'locked down' system is tricky.
But the company conncerned know they have us over a barrel and are rubbing their hands in glee that they will get a lot of money for a PC that has failed.

This is typical of the way selfish people think. Give me, give me, give me.

I will crack this

Thanks anyway
Ok so if you an admin then wipe the system and do a fresh install on the new mobo and then join the machine to the domain and then lock it down again to YOUR standards so there wont be this problem anymore

Ok so if you an admin then wipe the system and do a fresh install on the new mobo and then join the machine to the domain and then lock it down again to YOUR standards so there wont be this problem anymore

And what about the other 100 or so PC's, I am sure he would like a way around them without reinstalling each and every OS... :thumbs:

If you can't connect to the registry with the machine up you can dump the registry in dos, edit one line for group policy processing, recompile the registry, and boot to a machine with gp disabled.
^^ Solution is right here.

1) Boot to dos.
2) Dump registry with regedit
3) Edit key responsible for telling windows to process GP (change a 1 to a 0, can't remember key, been at least 4 years)
4) Recompile registry with regedit
5) Boot to windows.

And what about the other 100 or so PC's, I am sure he would like a way around them without reinstalling each and every OS... :thumbs:
ALL of them have bad mobo's?!?! If so then I would either recommend new systems OR go after the company that supplied the machines (if they are still in warranty). But a simple ghost image would suffice methinks

ALL of them have bad mobo's?!?! If so then I would either recommend new systems OR go after the company that supplied the machines (if they are still in warranty). But a simple ghost image would suffice methinks

Alright, don't you start acting like a DumbA$$ too! I mean, it would be nice to have better control of these PC's for his purposes. There may be something else that comes up down the road that he needs to get by the policy, without needing to ghost or reinstall... :eek2:

http://www.angryziber.com/tools/



AntiPol


AntiPol is a small utility. Nothing special in it. When run, it enables registry editing tools, which were disabled by Microsoft Policy Editor probably by administrator. From there you can edit other policies using registry editor.

In case you didn't know, policies are stored in
\Software\Microsoft\Windows\CurrentVersion\Policie s
Run from location: antipol.exe (<10kb)


i just downloaded it and put it on my "tech disk".

FREEWARE!!

Why wouldn't the company allow the customer access to the computer system...who cares that a school purchased it...Why can't the customer have access...Hmmmm...sounds like you can get this fixed for free my friend...

cry out fowl play...

What the company's name?...I know I wouldn't want to shop there.

OK, so this is a special case. What software have they put on there to lock the system down? Until you know that, you are pretty much peeing in the wind.

OK, so this is a special case. What software have they put on there to lock the system down? Until you know that, you are pretty much peeing in the wind.

He's safe as long as it ain't into the electric fence... :p

just thought this was interesting. I wen to that link ( Antipol) , clicked on that password cache proggie -
got this at firewall

[02/Apr/2004 17:30:35] !!! VIRUS ALERT : Tool-Pwdcaching !!! (192.168.1.33 - : HTTP GET http://www.angryziber.com/tools/enablepwl.exe)
i'll get it at home - but McAfee says virus, hmmmmm

just thought this was interesting. I wen to that link ( Antipol) , clicked on that password cache proggie -
got this at firewall

[02/Apr/2004 17:30:35] !!! VIRUS ALERT : Tool-Pwdcaching !!! (192.168.1.33 - : HTTP GET http://www.angryziber.com/tools/enablepwl.exe)
i'll get it at home - but McAfee says virus, hmmmmm


dude, re-read the DESCRIPTION of the program and THEN read what the virus scanner is CALLING it.

THINK.

Alright, don't you start acting like a DumbA$$ too! I mean, it would be nice to have better control of these PC's for his purposes. There may be something else that comes up down the road that he needs to get by the policy, without needing to ghost or reinstall... :eek2:

Thanks for the sentiments. I WILL get to the bottom of this but I suspect they are using either a special lockdown program that is MORE than just protection against misuse but more like foul play.
In DOS I renamed old system 1st registry (690k) and moved existing registry(1.3mb). I deleted the poledit directory and all the settings <backed up 1st> Went through all the critical ini files. Then booted in safemode and it took half an hour to load windows, came up with javarun error. And still the policies were in place.

If anyone wants me to send them a CD with the files I would appreciate an investigation.

In the meantime I will try tjj's idea and silencio's
1) Boot to dos.
2) Dump registry with regedit - how do you do this? Regedit is a windows program.
3) Edit key responsible for telling windows to process GP (change a 1 to a 0, can't remember key, been at least 4 years)
4) Recompile registry with regedit - how?
5) Boot to windows.

Thanks

http://www.angryziber.com/tools/
In case you didn't know, policies are stored in
\Software\Microsoft\Windows\CurrentVersion\Policie s
Run from location: antipol.exe (<10kb)
FREEWARE!!

Do I run this proggie from which location? You have given me the location in the registry for the policies. Do I run this antipol within windows directory?

Thanks Ya-know
Thanks tjj, I used antipol.exe in safemode.
I got into registry!
This is what I found

[HKEY_LOCAL_MACHINE\Network\Logon]
does not exist>>>>"MustBeValidated"=dword:00000000
but this does:
PolicyHandler= GROUPPOL.DLL,ProcessPolicies
User="Unknown user"

Here's the contents of grouppol.inf
=============================
; GROUPPOL.INF
;
; This is the Setup information file to install group-based policies
; as an Optional Component.
;
; Copyright (c) 1993-1995 Microsoft Corporation
;

[version]
LayoutFile=layout.inf
signature="$CHICAGO$"
SetupClass=BASE

;Destination Directories for CopyFiles Sections
[DestinationDirs]
Grouppol.Win.Copy = 11 ; LDID_SYS

[Optional Components]
Grouppol

[Grouppol]
CopyFiles = Grouppol.Win.Copy
AddReg = Grouppol.install.reg
Delfiles = Grouppol.Win.Copy

OptionDesc = %GROUPPOLOPT_DESC%
Tip = %GROUPPOLOPT_TIP%
InstallType = 0 ; manual only
IconIndex = 11 ; default (diamond) mini-icon for dialogs
Uninstall = Grouppol_remove

[Grouppol_remove]
DelFiles = Grouppol.Win.Copy
DelReg = Grouppol.install.reg

;List of files to copy to the \chicago directory goes here:
[Grouppol.Win.Copy]
grouppol.dll

[Grouppol.install.reg]
HKLM,Network\Logon,PolicyHandler,,"GROUPPOL.DLL,ProcessPolicies"
HKLM,System\CurrentControlSet\Services\MSNP32\Netw orkProvider,GroupFcn,,"GROUPPOL.DLL,NTGetUserGroups"
HKLM,System\CurrentControlSet\Services\NWNP32\Netw orkProvider,GroupFcn,,"GROUPPOL.DLL,NWGetUserGroups"

[SourceDisksNames]
80=%DSK%,"",1

[SourceDisksFiles]
grouppol.dll=80,,12000

; User-visible strings
[Strings]
GROUPPOLOPT_DESC = "Group policies"
GROUPPOLOPT_TIP = "Group-based support for system policies"
DSK="Windows 95 resource kit"
========================
I have zipped the contents of <poledit> folder but can't attach them to this message. <Presume I need to upgrade or something>

Ap0stle

You cannot attach - you need to link from your own webspace.

You cannot attach - you need to link from your own webspace.
OK Cheers I'll do that later today

I removed the group policies from the registry and runonce happened. Windows started as a new install but the policies are still in place.

During install I noticed these errors:
1. ODBC erros

2.Java Package Manager
Unable to install Java Packages from C:\windows\Java\classes\OSP.ZIP
The system cannot find file specified

When I rebooted I got Private Debug Manager for Java
HTML Javascript Pluggable protocol
Execute Object for Java -
pointing to msjava.dll
I searched the registry and found many instances of it
Hkey_classes_Root \CLSID\{---loadds of characters---}

Does this mean the supplier is secretly running some java script to prevent ANY engineer from working on their systems?

If this is the case I am going to expose this to the Council as a con trick - i.e. this company MAY have set up all their PCs this way so that ALL the schools in the City are FORCED to use their services when they breakdown. And THEIR services will be to simply do straight to the offending java and disable it.

They won't tell me how to do this.

I now have 2 other engineers looking at this problem.

Ya_know! I'll keep you posted