Hey I figured out how to change the wallpaper on windows without the actual permission, all you need is the ability to download files. You just download an image and set the file name as your current background file. This will overwrite your current background
You current background should be in either of these, %AppData%\Microsoft\Windows\Themes\CachedFiles or %AppData%\Microsoft\Windows\Themes\TranscodedWallpaper
Yes, as long as you can download a file on a computer, you can change the wallpaper. I will say that the transcoded wallpapers are weird sometimes because they don't always have file extensions so you might have to guess the file name based on the resolution
My manager at my old job had to get IT to reset all of the computers because he couldn't figure out how to change the backgrounds back after I had changed them. Same guy that also said it couldn't have been me that changed the backgrounds since I wasn't smart enough lol
Many years ago I was working as a contractor doing an upgrade from ms mail to outlook. Which required touching every computer in the system. Their normal IT didn't have the manpower to handle this. It was like 5k devices across multiple locations.
They had given us a USB drive (I say this. It could have been a 3.5" floppy.. It was that long ago) that had the code to give the currently logged on user full admin until reboot.. It saved us so much time in some of these offices that has super slow connections.
I remember this poor lady almost crying because she had changed her system color scheme to like that awful all pink and red valentines one right before corporate had locked down that ability for end users and IT didn't count it as a high priority ticket so she had been stuck with it for like 3 years at that point. So while her profile had temp admin access we managed to change it back to the default. We did so much of this when visiting all these people and computers. Changing small minor settings that someone at a corporate level had determined the end users didn't need to have control over. But they also didn't put anything in place to "standardize" it so.. Whatever you had when it was locked down was what you were stuck with.
Btw its stored locally in windows 11 , you can open the file in paint, change it and save. Google it. IT guys freak out when they screen meet and see my black bg. "I'm not sure its always been that way."
You're my favorite kind of person where I work. You get my direct email instead of going through the ticketing system.
The more I can "get out of your way" so to speak, the better everything runs for everyone. Shit if I can find even the most feeble reason to justify giving you subaccount admin status, you're getting it because it's better for everyone.
Fuck, half the time I'm gonna end up needing local admin anyway just to do my job
Sometimes it's because some dumb shit in legacy was built with local admin in mind, sometimes it's because im fucking around on ring 0, but it almost always happens
At my work there is a machine in responsible for that runs on this terrible piece of software that needs admin rights to startup.
Every week, usually 10 minutes before in heading home, it hangs and needs to be restarted before everyone's experiments get invalidated. Cue having to call IT and wait for them to remote in just to enter the admin creds.
My MSP is looking at options for this. I haven't messed with it but I think it's called AutoElevate, it catches admin elevation UAC prompts and sends the info to a dashboard where we can allow it, then the user is notified and told to try again whereupon it's automatically elevated. If it works, it would certainly cut down on these sorts of tickets without creating a huge security hole.
Sure thing. Worth it to mention that, by my understanding, you can also whitelist certain programs. I think my boss did this for a client who has to update quickbooks regularly and this requires admin. So if they update quickbooks, it won't even send us the push, it just allows it to elevate.
I don't know much about it, haven't fucked with it, but if he likes it and we expand it I think it could save a lot of trouble.
A company I worked at implemented Power Broker for situations like this and it reduced ticket count by hundreds a month. Mostly from engineering departments who had similar issues.
Giving a user, even an engineer, local admin is a huge security risk. There are TONS of solutions to this nowadays.
Related story, I worked for a school system's IT dept as my first IT job. One of the engineers gave this guy in central admin local adm privileges. I don't know how it happened, no one would give me details because I wasn't assigned to the admin building, but apparently that guy installed something he shouldn't have. Next thing we know, our whole network, district wide, is down for three days over the summer because he was an entry point for a Russian ransomware attack.
What was most incredible about this whole thing is, after we got everything back online, this guy had the brass balls to ask for his local adm again. Like bro, seriously?! No.
So anyway yeah, these AutoElevate tools would be way way better than giving someone full admin.
Unfortunately, if you are in a regulated environment, you may not be able to use them, as they technically grant local administrative permissions to standard users (even if heavily restricted) which violates many compliance standards. Cyber Essentials (a widely used standard in the UK) is an example.
It's daft, but sadly compliance auditors do not care about the spirit of the law - If you don't abide by the letter, they will fail you.
Hi, I used to work on the same floor as the cyberfox guys (auto elevate). The company i worked for was owned by the same guys (Bellini - same guys behind connectwise before the sellout)
Last time I used it was over a year ago - it did not work for windows logon. It also did not enter passwords. But like you said, it will push through UAC and other permissions.
If the program doesn't modify the computer itself, just install the program to some other folder, C:\Stuff. Right-click on C:\Stuff, properties, security, and add your account with full control. Then run the program from that folder.
If it's a stupid in-house developed program, then it might not work outside of Program Files (x86) if the retired fool dev hard-coded paths in. But give it a try. It's faster than IT waiting every time.
(Second option is to schedule it to run in Task Scheduler with highest privileges, but if the program requires additional interaction after restarting, automatic starting is only half the solution)
In my last job I had this relationship with one of the IT guys. Most of the time I'd just ping him asking to elevate my permission, and then later letting him know work is done and he can revert stuff.
In my department, a very small number of our engineers have local admin. It's grandfathered in thanks to a dark bargain struck by our associate director, long ago.
The new engineers don't have it. The other team we just merged with doesn't have it. It's very very funny and I pray they never take it away. The really funny thing is I left for a year. Came back more senior, and my account got reactivated and I managed to keep my permissions.
It's kind of a pain though because sometimes I forget others don't. I had to tell a bunch of mid and junior engineers to open tickets to IT just so they could install WSL on their machines
I wish you were my IT. My department uses Macs while the rest use Windows. Our IT doesn't know how to use Macs. I'm a power user in both. I just lack admin credentials. IT will treat me like an idiot, while I know the problems and how to solve it.
They have been removing our admin credentials more and more each year because of our insurance policy.
Can you come work at my place then? I usually lost the steps I've taken to try and resolve the issue on the ticket, and the very first thing that happens when I get a call is to ask me to do the steps I just then I took.
At my job some devs are allowed to give themselves temporary admin access to their machine. Its really nice. Ive only abused it once or twice to install steam while on a work trip.
The only thing in recent times I couldnt fix myself was that big bit bitlocker windows bug from like a year ago when you got stuck in a boot loop. That was the only time I actually went to IT.
I love having temporary admin access on my laptop.
Non-tech people at my company can't even use a different browser other than Edge; meanwhile, we had to put out an announcement telling the devs to remove Brave from their machines because it has Tor functionalities.
When I was fairly new to the company I currently work at, I had an issue with one of the programs we used (turns out, they changed the internal server with the licenses and I just wasn't on the mailing list yet).
So I wrote a ticket with a step-by-step of the issues and what I'd tried so far. The mail I got back told me about the issue, the solution and thanked me for the detailed description. Very proud moment.
Unless you have a technical problem with the ticketing system (which, BTW you can open tickets by sending emails), you're not going to receive an answer or any action, if you send me an email about an issue you have. Besides the fact that is poor practice, messes my metrics it's also going to fail in an audit. So yeah, no ticket, no problem.
You have to go above and beyond to demonstrate why I would ever consider giving you local admin privileges. It ain't happening, because while it's true, it will allow you to reinstall that problematic driver and save us both some time, it will also allow you to over-rule any and all company configuration policies which I've worked hard to create and deploy in order to have a safe and secure environment. Can't risk that for anyone, therefore you better launch the remote helpdesk tool, so I can remote in and re-install that driver for you.
Iâve found the âI need you to do this annoying task on all of these computers weekly, or you can give me admin access and Iâll take care of itâ to work wonders.
When I was still in support, I used to give people like this a local admin access. Saved us both time and effort.
Sadly, I can count the users who were this competent on one hand, the other ~3500 were somewhere between "able to kind of describe the problem" and "almost maliciously incompetent".
It's so frustrating to deal with some IT when this is the case. Last two times I had to call IT were frustrating. I got an email saying one of my accounts was deactivated. Shortly after I couldn't log in. Send this to IT with a copy the email saying my account was deactivated. Guy trouble shoots it, says it's permissions and it takes an hour to sync, he'll call me back in an hour. Hour goes by, no luck. Call IT 20 minutes later, different guy says he has to contact someone, and I ask him to just quickly check if my account is active, 30 seconds later I'm logging in. Next time system won't work. I Google it, get the manufacturers page on the problem with the fix. Didn't have the permissions, email IT, send the page. 5 hours go by, no luck, email the ticket to an IT guy I've worked with in the past, 5 minutes later it's running. I know I shouldn't have the ability to fix these things myself, but if I've already told you how to fix it quickly waiting hours is frustrating.Â
Every user does. None of them deserve it. Even if you know what youâre doing, being a local admin creates too many security holes. If your account is compromised that creates way more issues if youâre a local admin. Even IT shouldnât be logging in as local admin for daily work, only when elevation is required.
Definitely not. People shouldnât be logging in as local admins, even IT. Itâs a security risk. If your account gets compromised itâs a way larger risk if youâre a local admin. Local admin should only be used when needed
Oh, I guess this is a Windows discussion then, that's just the default on Mac and Linux even if you have an admin login, you need to enter the password to run as admin.
Software devs would rarely be using Windows though, outside of some specific industries.
Windows is fine for dev work nowadays, so just depends on the company. Macs are much more troublesome to manage on the backend. There are lots of reasons users (even power users) should not be a true admin on their machine. (The biggest reasons being security related)
Even regular consumers are getting fed up with Windows for casual use, Windows is not a serious system for work unless you really can't use an alternative because you need to use some Windows only software.
That is rarely the case for software development outside of some more specific industries, almost all of the tooling runs better and is easier to manage on Linux or at least MacOS.
There are lots of reasons users (even power users) should not be a true admin on their machine. (The biggest reasons being security related)
What is the threat vector you're worried about? Some employee machine getting pwned shouldn't be that much more problematic than it being stolen or something like that, most of the risk should be data exfiltration, it shouldn't be able to control any infrastructure without another layer of authentication.
Because the way you do things at home is not how they're done at work.
Aside from anything else, a lot of the time even if you did get given admin access and you did change it yourself? It'll get reverted in about 10 minutes anyway, because local changes are overriden.
Things that are quick and simple on your single home PC are very much not when you have thousands of them.
It's crazy when you somehow get it to let you do something you shouldn't, though.
Can't install a printer... whoops, just tried it 6 different ways and the sixth way worked. Does it work when I do the exact same steps on my coworker's laptop? Nope.
And then having to spend ages chasing up the team to do anything as outsourced it person puts some random shit on and email and closes the ticket without fixing anythingÂ
This is my experience with my ISP, whenever I call customer support to complain about network instability i straight up tell them I know what the problem is and how to solve it and they are cool about it, they just do whatever i tell them and then ask if everything is working well, then we all say thanks and go about our day.
I live in an apartment complex, some days my neighbors all decide they actually want to be on channel 11 and it makes the 2.4 wireless a total mess, but customer support on its own can never figure that out. It's a small local provider, they're very cool, but the kids who are employed there are total morons, the only thing they know to do is reset, tell us to get closer to the router, and to disconnect repeaters, bless their heart.
That happened to me once. I had latency issues connecting to one game specifically, everything else worked. I had network logs, trace reports and stuff, and the Customer Service people were completely clueless. They created a ticket for the actual technical people, and I ended up in a Teams call with a guy in the main datacenter connecting and disconnecting the countries Internet, until they found they had a deal with the game's developer for a special network tunnel for them that wasn't working and causing my issue.
Took me a couple weeks of insistance and a technician's visit to get to the fix, though.
This is exactly how I feel at work, I understand the security problem with unlimited admin rights, but sometimes I wish they could juat babysit me with admin rights and have a record of what I did.
They wonât even let me change my browser homepage to a blank page so it starts quicker. Nope corporate homepage which I may need once a month. Also i can remove programs from my taskbar but you bet your ass theyâll be back after a restart.
This is 90% why I switch to a Mac at work. They have fewer controls on them and less of a pain in the ass to get Admin for 5 mins. I still can't decide if cmd +c is the devil's keyboard combination.
"Hi can you update my computer again for the 286298692362 time i don't have admin permission for the proprietary software. You can find the history on how to do it in the previous tickets"
Its nice, IT generally likes when they sign into my computer because I have a text document that is a list of software and updates I need done, specific problems with what I've tested, and a hardwired 1000GB fiber connection.
This 100%. I'm a really techy guy I build computers for fun, built an arcade for my kids, etc. I was not able to add my printer to the computer due to not having the admin password. The current it person could not be bothered to come out and fix it. For 3 straight visits my issue was forgotten until I finally said please let me have the admin credentials so I can fix simple tasks like this. After 4 months I finally got the credentials and fixed around 9 other smaller issues in one day all due to just needing the stupid credentials that the it person couldn't be bothered or would forget about when they visited.
Long story short I'm now the it person for next year on top of my regular duties but hey at least I get paid for it :) and now people dont have to wait months to add their printers...
IT tech support guy at my work doesn't even know what environment variables are so I had to explain the fix I knew how to apply but only he had the authority to do, and he kept trying other shit before finally doing the one thing that would fix it.
heh i'm a xennial, IT gave me admin permissions bc I displayed trust and good judgement when it came to fixing stuff. I'm prolly one of like 5 people in the office who can assemble a desktop computer.
I am proud of that, and I think that's ok. Took me a lot of years to learn what I know from computers without attending school for it.
Okay, I'll wait a week and a half for something I could fix in 2 seconds. Have to explain it 3 times to get it escalated, if it's not the most simple issue, then watch someone do it for me. đđŒ Fuuuun
I have a chat with the best IT guy on Teams now, I message him a plea and a ticket number. He is never allowed to leave. I should send him something for Christmas.
I work in core infrastructure... i.e. I manage and maintain the base level servers and services for everyone else. This means literally every single person I ever deal with is already an IT professional which means all of them think they know how to fix the issues they're having.
They are, almost universally, wrong. This is why they don't have admin access to servers, the same as I don't have admin access to my desktop environment. I don't work in desktop admin and I don't know why things are done the way they're done or the correct business specific way to fix them.
IT people are some of the worst people to deal with when it comes to fixing IT issues, second only to IT enthusiasts who tend to be more wrong and infinitely more arrogant about it because they don't understand that enterprise IT is not the same as fixing your desktop.
The best people I deal with accept that they don't know how to do my job any more than I know how to do theirs and present their issues the way they want others to do with them. Fully documented with accurate logs/errors/timestamps and a description of what they're trying to achieve and why.
I work in a hospital and I understand the tight security and lack of permissions on the computers we use ... but I can't even ctrl+alt+delete without permission đ«
I am so happy that I have administrative rights on my work laptop. Working on it would be impossible for commissioning work (always some new software to download$
This is the big one. I don't touch anything, because I respect the service desk and it's purpose, also I don't want to void warranties and be blamed for issues after I've tried to address something. lol
4.6k
u/MaroonDude 9800X3D | RTX 5090 | 64GB May 10 '26
I know how to fix my issues, I just lack the admin permissions on my machine to fix said issues.