Errrr The user wasn't there never mind him being admin...
I'll test this out again when I next do a win7 review on a job

On 8 Jul 2013 11:39, "Fabien DUCHENE" <f.duch...@car-online.fr> wrote:

> There may be an Active Directory domain policy which only allows a
> configured set of groups/users to be admin of your workstation.
> Keep in mind domain policies are applied at startup and periodically.
>
> > Message: 1
> > Date: Mon, 1 Jul 2013 15:16:45 +0100
> > From: some one <s3cret.squir...@gmail.com>
> > To: full-disclosure@lists.grok.org.uk
> > Subject: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
> > Message-ID:
> >       <CA+1kKf460FE0uo7ps780N3f=gFh8G=
> i0+o1yr5w1upoczub...@mail.gmail.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > I tried this out onsite today. Got the cmd.exe as described and added a
> > user into local admin group... Restart the box try and login as new user
> > and it isn't there...
> >
> > Logged in as a legit admin and ran net users and no mention of my created
> > account... Weird...
> > On Jun 30, 2013 10:54 AM, "Cool Hand Luke" <coolhandl...@coolhandluke.org>
> > wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA512
> >>
> >> On 06/29, Grandma Eubanks wrote:
> >> > However, I think this is still interesting. It's been a while since I've
> >> > played with Windows boxes and won't have access to one for a couple days,
> >> > but isn't this triggering off of vendor supplied recovery partitions? This
> >> > is a regular Windows 7 sole partition box you tried this one?
> >>
> >> from a first look, i don't think a vendor-supplied recovery partition is
> >> necessary. it appears that it would also be possible if the "system
> >> restore" setting was enabled (but don't quote me on that).
> >>
> >> i'm not sure how likely that is in your average large, corporate
> >> environment. the ones i've seen have system restore disabled and opt to
> >> reimage systems instead when issues occur. i'm sure there are some
> >> environments where this could be useful, however.
> >>
> >> - -chl
> >>
> >> - --
> >> cool hand luke
> >>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/