There may be an Active Directory domain policy which only allows a
configured set of groups/users to be admin of your workstation.
Keep in mind domain policies are applied at startup and periodically.

> Message: 1
> Date: Mon, 1 Jul 2013 15:16:45 +0100
> From: some one <s3cret.squir...@gmail.com>
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
> Message-ID:
>         <CA+1kKf460FE0uo7ps780N3f=gFh8G=i0+o1yr5w1upoczub...@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I tried this out onsite today. Got the cmd.exe as described and added a
> user into local admin group... Restart the box try and login as new user
> and it isn't there...
>
> Logged in as a legit admin and ran net users and no mention of my created
> account... Weird...
> On Jun 30, 2013 10:54 AM, "Cool Hand Luke" <coolhandl...@coolhandluke.org>
> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> On 06/29, Grandma Eubanks wrote:
>> > However, I think this is still interesting. It's been a while since I've
>> > played with Windows boxes and won't have access to one for a couple days,
>> > but isn't this triggering off of vendor supplied recovery partitions? This
>> > is a regular Windows 7 sole partition box you tried this one?
>>
>> from a first look, i don't think a vendor-supplied recovery partition is
>> necessary. it appears that it would also be possible if the "system
>> restore" setting was enabled (but don't quote me on that).
>>
>> i'm not sure how likely that is in your average large, corporate
>> environment. the ones i've seen have system restore disabled and opt to
>> reimage systems instead when issues occur. i'm sure there are some
>> environments where this could be useful, however.
>>
>> - -chl
>>
>> - --
>> cool hand luke
>>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
