Tuesday, 2 September 2008

Getting around in a "locked down" environment

I probably should not really be blogging this little entry, but I just can't help myself! Please continue reading or using these little details at your own peril.

Recently I discovered myself in a "locked down" environment, yet I still had a tonne of software to install, and I desperately needed it installed "today" rather than after 1 month. (the contract in this case was for this primary purpose - installations, configurations and support) (something completely different to what I've been doing for many years now, but not so different from what I was doing 10 odd years ago, so I had the skills)

My first step in any new site is to meet as many people as I can, and then to make friends with those that I desperately need, in the order that I need them. It is a hard cold fact, and they know it, and I know it. I am ... for want of a better word ... using them. By doing this though, I suddenly start avoiding official processes, official documents filled out in triplicate, and actually get things done rather quickly. Which makes me look good, compared to the rule followers.

So with enough friends on my side, around day 2, I learned 1 useful tidbit about the so-called "locked down environment".... it is not so locked down as made out to be. Thanks to XP's security model, the thing that really enforces lockdown policies is done via LDAP ... when you login or logout of the domain.

And again, with enough friends on my side, I managed to secure just a slightly better than completely useless level of workstation usage. And here comes the fun bit. Many of the GUI widgets for changing a workstation are stripped out of your view, and some that could not be stripped throw you an error message if you try to access them.

So ... you find the command line equivalent and use that instead. No security to stop you. Thank goodness for XP! I have no idea what I'll do if I find myself in a Vista or better security modelled domain with the same deadlines - probably make even more friends instead, and take them to the pub every other lunch!

Here are the 4 that I am using frequently:

regedit - reg.exe
Data Sources (ODBC) - odbcad32.exe
RemoteDesktop - mstsc.exe
Add/Remove programs - MSIexec

I am sure there are others, but fortunately I have not needed more than these so far!

No comments: