On 12/13/2010 11:19 AM, Michael Bauer wrote:
> An administrator is very different there are many levels of
> administrative control in windows to say an admin is an admin is
> absurd.
I disagree. There's only one level of pwned.
> There is a big difference between a local admin and a domain
> adm
>The attack has some academically interesting details about how cached
>credentials work, but I agree with Stefan. If you own the machine, you own
>the machine. What's to stop you from, say, simply installing a rootkit?
Exactly. More importantly, even if you must make users local admins, there is
An administrator is very different there are many levels of administrative
control in windows to say an admin is an admin is absurd. There is a big
difference between a local admin and a domain admin. There are many types of
admin in windows and all of them have different levels of permission. I
> From: Stefan Kanthak [mailto:stefan.kant...@nexgo.de]
> Sent: Friday, 10 December, 2010 17:12
>
> "George Carlson" wrote:
>
> > Your objections are mostly true in a normal sense.
> > However, it is not true when Group Policy is taken into account.
>
> Group Policies need an AD. Cached credent
Stefan,
For you information:
Cached domain accounts on a local system are not stored in the SAM. They
are stored in the SECURITY registry hive. When a cached domain user logs
in to the system, they do not authenticate against the SAM (As you can see
in my article, I am not editing the SAM).
"George Carlson" wrote:
> Your objections are mostly true in a normal sense.
And in abnormal sense?
> However, it is not true when Group Policy is taken into account.
Group Policies need an AD. Cached credentials are only used locally,
for domain accounts, when the computer can't connect to th