So here’s the deal. My company has installed a new image on my laptop which is locking me out of a lot of features that I want access to. Everything from customizing the toolbar to using the “run” function to accessing the registry.
I have access to the local administrator password, and can log in as the local admin. As the local admin, I have full access to the computer, but no access to the network (so effectively worthless for day-to-day operations). I’ve tried setting my own profile to the administrators group, but that hasn’t helped. If I use my primary account to log onto the domain, I’m locked out, which is why I think it’s group policy stuff (I am no network admin so I might be wrong there).
ANYWAY. Is there any way, using my local administrator access, to make the computer give me full rights when logged onto the domain, or am I stuck under the thumb of the IT department?
Yes. Request the appropriate level of access through your company’s established channels, citing the features you require and how the restrictions are hampering you in your job function.
If you can’t accept the result, find a different company.
You can run select applications as another user, but the app that manages the UI (explorer.exe) is the same one you’d use to browse network shares and the like.
What you want to do is something Windows is specifically designed to prevent.
Also, bypassing the domain restrictions is almost certainly a violation of company policy (look up “acceptable use” in your employee handbook).
If you have Local Admin login, you can run cmd.exe using the Local Admin credentials (via the right-click menu Run as another User, or using the RunAs command in a cmd window). From the Local Admin CMD window, you can do some of the things you want (like RegEdit), but not all.
You certainly cannot do much about certain things (like the Toolbar) - if the IT policy locks those things down and enforces them via GPO, they will be refreshed at some point and wipe out your changes. Even with Local Admin rights, you cannot get around them (and I have been a Domain Admin and Systems troubleshooter and know all sorts of loopholes to get the access I needed to do my job).
However, it is worth raising the issue with IT - they may not actually be aware of the consequences of the lockdown and how it impacts users. Far easier to loosen the policy in response to a problem than have a company of unhappy users, particularly over something trivial like Toolbar preferences. However, I am also very aware that something like Toolbars can go badly wrong for a user, leaving IT with cases that require considerable time to resolve because a profile has lost all the Toolbar settings and cannot be reset. So I sympathise with the fix-it-once-fix-it-permanently mindset.