I currently attend a school at which a large array of system security is organized, to prevent general troublemaking within the network, however the length to which our admins go to secure the system is astounding, and often rather annoying to the student body in general, as using the system for anything other than word processing has become a nuisance.

However, to date, those of us with a bit more computer knowledge than the average joe have been able to circumvent many of the 'security' features in place to stop students from playing Starcraft or whatnot at school, simply by renaming exes to 'iexplore.exe' to avoid many of the restrictions on what exes can be run on student Novell accounts, or by using Thinstall to compress programs with multiple features into a single exe, which we have renamed to the same effect.

However, playing games is a bit boring these days, and as it's nearly summer break, we figure we should have a little fun and learn some more about how the security that is in place actually works.

Our school currently uses a combination of Faronics's DeepFreeze program, Novell's Netware 4.91 and a Symantec AV program, all run on the Windows XP SP2 platform, which is installed on a mix of Dell and HP machines, different for different computer labs. This means that the internet and our shared network is solidly controlled by Novell, so although we can change the password of a machine's local student and admin accounts, a lot of the control we have is diminished by the simple fact that any changes we make are as temporary as the next restart or logoff of the machine thanks to DeepFreeze, and we have no internet or network access on any local accounts we change the password for through command.com. (to access command prompt, we copy command.com from system32 and then rename it to iexplore.exe, showing known file extensions)

In a nutshell, we are looking for ways to obtain Novell passwords for accounts with higher permission levels than our own, through any means possible. The problem with obtaining these passwords lies in the fact that teachers or admins will rarely, if ever, log in to machines other than their own, and it's extremely dangerous and difficult to tamper with these machines without being discovered, so a simple keylogging program that merely emulates the visual appearance of the Novell Login is out of the question.

I'm also wondering what, if any, control the local account retains when Novell is logged into it on a machine, as I have a hunch that discovering the local student account password for our machines may hold the key to performing remote administration on them, such as remotely shutting them down within the network or other commands.

Anything anyone could suggest on navigating around Deepfreeze, Novell and the Symantec protection would be highly helpful to us, I'd like to thank you in advance.. For the record, this is an entirely academic endeavour, as all involved are concerned about their long term academic careers, merely interested in what can be done to avoid many of the restrictions in place on the network, and maybe have some fun in the process, as we've a staff sanctioned student prank day ahead before summer, and some remote administration of machines would certainly be hectic fun.. :P

Again, thank you, I'd be happy to provide any details you need to help you suggest ideas or plans