Strange ISP policy or...?

[Raptor_Fawr]

I don't get it. 

 

I'm part of this domain at work but I'm only a normal user, no admin privileges (I have them on C:/ tho)

I can use google chrome firefox explorer and edge to access the internet, some websites are blocked as usual but I can access most of the internet without issues. 

 

Except that I cannot update windows nor office. I've installed office16 but it's in english and I wanted to change language but I can't. I've downloaded setuplanguagepack and it says "unable to install because you have no internet connection. This issue also happened to me with another software

 

So I tried to download TOR and use it to somehow bypass this issue since apparently microsoft doesn't provide offline installers for that, but tor is also blocked in some way and it cannot connect to the internet. 

 

I'm out of ideas

[Levent]

Sounds like your issue needs to be discussed with the IT department. 

[Windows7ge]

If you're unable to connect to the Internet it sounds like something you need to talk to the IT Dept about. As for everything else it's pretty standard in offices and on Domains to have restrictions on both the computer and web access. Chances are there's a firewall or web-filter in place preventing you from accessing or using the services you're trying to access where again you'd need to consult your IT Dept to ask if it's something you're allowed to do.

[Raptor_Fawr]

1 minute ago, Levent said:

Sounds like your issue needs to be discussed with the IT department. 

True but the last time they did someting for me it took them 2 weeks for a 3 minutes issue literally the guy entered the door and while saying sorry for being so late he solved the problem and went out. 

[Levent]

Just now, Raptor_Fawr said:

True but the last time they did someting for me it took them 2 weeks for a 3 minutes issue literally the guy entered the door and while saying sorry for being so late he solved the problem and went out. 

Without privileges nobody can here help you. Thats whole reason why IT departments exist, thats your only option.

[Raptor_Fawr]

Thank you anyway guys

[ddennis002]

3 minutes ago, Raptor_Fawr said:

Thank you anyway guys

Ask them for temp domain admin privileges for X hours. Install what you have to install, then while your escalated increase your local privileges on that computer to admin that way on that machine your domain account has local admin privileges even after the domain admin privileges expire.

[Eigenvektor]

14 minutes ago, Raptor_Fawr said:

Except that I cannot update windows nor office. I've installed office16 but it's in english and I wanted to change language but I can't.

Updates in a domain are usually managed centrally (Search for WSUS) so that all computers are on the same patch level. Makes support easier and allows IT to vet updates to avoid breaking stuff.

 

1 minute ago, ddennis002 said:

Ask them for temp domain admin privileges for X hours. Install what you have to install, then while your escalated increase your local privileges on that computer to admin that way on that machine your domain account has local admin privileges even after the domain admin privileges expire.

Yeah, right. No admin worth their salt will do that without supervision. Plus, that is most likely a breach of contract and might get OP fired.

[ddennis002]

1 minute ago, Eigenvektor said:

Yeah, right. No admin worth their salt will do that without supervision. Plus, that is most likely a breach of contract and might get OP fired.

We do domain admin privileges for 1 hour to allow user to self install programs. This is on a per request basis and the user has to call in to verify identity and provide computer name and information ect.

[Donut417]

3 hours ago, Raptor_Fawr said:

I don't get it. 

 

I'm part of this domain at work but I'm only a normal user, no admin privileges (I have them on C:/ tho)

I can use google chrome firefox explorer and edge to access the internet, some websites are blocked as usual but I can access most of the internet without issues. 

 

Except that I cannot update windows nor office. I've installed office16 but it's in english and I wanted to change language but I can't. I've downloaded setuplanguagepack and it says "unable to install because you have no internet connection. This issue also happened to me with another software

 

So I tried to download TOR and use it to somehow bypass this issue since apparently microsoft doesn't provide offline installers for that, but tor is also blocked in some way and it cannot connect to the internet. 

 

I'm out of ideas

The thing about enterprise Windows is IT departments have a greater level of control over updates. You will need to contact IT and have them push the update. 

[Raptor_Fawr]

Unfortunately I work in a place where they don't really care about that stuff and that's why I've asked here... My company is big but relies mostly on outdated stuff to get it going, in my office alone (which consist on 10-15 people and it's less than 5% of the company branch I work in) there are two people working with WinXP, one of them has Vista, four have Win7 and the others have Win10 (some have pro, some others have enterprise) so it's a complete mess. I had to reinstall windows recently and everything works fine except I have some language issues (some coworkers still ask me why some software in my computer shows an english interface when they notice) 

[Eigenvektor]

6 hours ago, ddennis002 said:

We do domain admin privileges for 1 hour to allow user to self install programs. This is on a per request basis and the user has to call in to verify identity and provide computer name and information ect.

Hm, interesting. Wouldn't a local admin account be enough though? That sounds like a good way for an employee to get access to things they should never have.

[ddennis002]

6 minutes ago, Eigenvektor said:

Hm, interesting. Wouldn't a local admin account be enough though? That sounds like a good way for an employee to get access to things they should never have.

You can set the Domain Admin privileges for just one machine, that is why we collect the computer name. Yes a local admin account would be enough and there is one built into every machine but that would require giving out the master admin password which would work on every pc on the network. We promote to domain admin cause we can control that at the server level and restrict that privilege to a given machine.

 

I believe we give them domain power user privileges not admin, but its almost the same.

[Donut417]

9 minutes ago, Eigenvektor said:

Wouldn't a local admin account be enough though?

What I remember from my Windows 2003 server course from a million years ago. IT departments sorta create their own update servers. So when you try to update Windows or other Microsoft software it hits the internal update server. This is so IT departments can test updates before they are deployed. Not sure if its still done this way, but Id imangine it is. Keep in mind that Pro/Enterpise Windows can connect to a domain. 

[ddennis002]

2 minutes ago, Donut417 said:

What I remember from my Windows 2003 server course from a million years ago. IT departments sorta create their own update servers. So when you try to update Windows or other Microsoft software it hits the internal update server. This is so IT departments can test updates before they are deployed. Not sure if its still done this way, but Id imangine it is. Keep in mind that Pro/Enterpise Windows can connect to a domain. 

Yes this is very much how it is still done.

[Eigenvektor]

1 minute ago, Donut417 said:

What I remember from my Windows 2003 server course from a million years ago. IT departments sorta create their own update servers. So when you try to update Windows or other Microsoft software it hits the internal update server. This is so IT departments can test updates before they are deployed. Not sure if its still done this way, but Id imangine it is. Keep in mind that Pro/Enterpise Windows can connect to a domain. 

Yep, that's what I mentioned above, "WSUS" (Windows Server Update Services).

[Raptor_Fawr]

This topic is still interesting even if it will not help me... I always wondered how things were done in the IT department, I've configured a lot of local machines (I've just switched my main home computer to windows10 like two hours ago lol, win7 was perfect for me but I also needed some software that it's not supported anymore for that OS) but I've never worked with servers

[Raptor_Fawr]

In the end I was able to update my language etc by using a usb wifi dongle, I guess it was just a firewall issue that I had no control over

[Alex Atkin UK]

Curious that they never thought to block you adding another network device.  Sounds like security there is scarily inadequate with the other things you've said.

[dalekphalm]

On 1/7/2020 at 4:40 PM, Raptor_Fawr said:

Unfortunately I work in a place where they don't really care about that stuff and that's why I've asked here... My company is big but relies mostly on outdated stuff to get it going, in my office alone (which consist on 10-15 people and it's less than 5% of the company branch I work in) there are two people working with WinXP, one of them has Vista, four have Win7 and the others have Win10 (some have pro, some others have enterprise) so it's a complete mess. I had to reinstall windows recently and everything works fine except I have some language issues (some coworkers still ask me why some software in my computer shows an english interface when they notice) 

Why did you have to reinstall Windows? Why didn’t IT take care of that for you?

 

Speaking as someone who works in IT, you want to try to work with them as much as possible. Trying to bypass them isn’t a good long term strategy. 

[Samfisher]

On 1/8/2020 at 7:12 AM, Eigenvektor said:

Yep, that's what I mentioned above, "WSUS" (Windows Server Update Services).

TBH a lot of SMEs are moving away from the WSUS model now.  I know the last few companies I've worked at have.

[dalekphalm]

11 hours ago, Samfisher said:

TBH a lot of SMEs are moving away from the WSUS model now.  I know the last few companies I've worked at have.

What exactly are they replacing that model with? Just let the workstations download updates directly from Microsoft?

[Samfisher]

8 hours ago, dalekphalm said:

What exactly are they replacing that model with? Just let the workstations download updates directly from Microsoft?

Yeah, just direct internet download from MS.  I haven't given it much thought why they're doing it tho.  Must be some reason I just haven't thought off, considering I've never thought about it much in the first place

[Jarsky]

 

54 minutes ago, Samfisher said:

Yeah, just direct internet download from MS.  I haven't given it much thought why they're doing it tho.  Must be some reason I just haven't thought off, considering I've never thought about it much in the first place

It kinda makes sense for SME's  (which I use that term for ~50ish or less staff) if they don't need strict version control for compatibility or compliance. WSUS/SCCM can be a pain to maintain. Just put a policy in place to disable feature updates and let them do it themselves from the internet. Just as long as theyre aware if their machine breaks its a reimage, far less hassle to reinstall the OS than to muck about with endpoints, packages, failed updates, etc...for a relatively small number of people. 

 

Enterprise and servers, SCCM is still the way to go. 

[Raptor_Fawr]

On 1/20/2020 at 4:48 AM, dalekphalm said:

Why did you have to reinstall Windows? Why didn’t IT take care of that for you?

 

Speaking as someone who works in IT, you want to try to work with them as much as possible. Trying to bypass them isn’t a good long term strategy. 

In my country there are some real issues with technology. Some companies have very old and outdated hardware with no intention to replace it. My computer specifically have a 2007 motherboard and 2gb ram, company antivirus and windows alone use 1,5 gb and our main enviroinment is based on google chrome...