Mailinglist Archive: opensuse-edu (243 mails)

Re: [suse-linux-uk-schools] Hi all
  • From: Michael Brown <mbrown@xxxxxxxxxxxxxxxx>
  • Date: Thu, 6 Dec 2001 10:15:32 +0000 (UTC)
  • Message-id: <Pine.LNX.4.33L2.0112061001590.8720-100000@xxxxxxxxxxxx>
On Thu, 6 Dec 2001, Gary Stainburn wrote:
> > It's been possible to work around almost all of these. For example, you
> > can use NT's AT command to start up cmd.exe running as LocalSystem, which
> > enables you to bypass all local machine access restrictions. They simply
> > cause an irritating delay.
> Is this as seriously un-secure as it sounds? It is this simple to bypass all
> security features on NT? (This is a serious question - I've got no NT
> experience but may be having it forced on me soon)

You do need privileges to run the AT command in the first place, and you
also need the Schedule service to be running (or have privileges to start
the Schedule service). It's a way of elevating your privileges - if you
end up trapped with a cut-down administrator-like account then you can
quickly and easily grant yourself unrestricted access to the whole local
machine.

I have used this trick several times, particularly when Win2000 was
playing up and refusing to believe that the local Administrator actually
had full administrative rights.

One neat side-effect is that this method allows you to directly edit the
SAM database. NT usually prevents even administrators from directly
reading and writing the SAM database with tools such as Registry Editor,
but if you grant yourself LocalSystem privileges then you can just fire up
regedt32 and browse into the 'forbidden' HKLM\SECURITY tree.

In summary: it doesn't allow ordinary users to gain admin privileges but
it does allow some restricted admin users to bypass their restrictions.

Michael
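
Added example, not part of the original message or of any tool it mentions: a defender-side audit for the situation described above, flagging scheduled jobs that would start cmd.exe or regedt32 as LocalSystem. The job record format, the account-name spellings and the inclusion of regedit are assumptions made for illustration.

```python
import ntpath
import shlex

# Tools the message names as useful once running as LocalSystem; regedit is an
# assumed addition, not from the message.
INTERACTIVE_TOOLS = {"cmd", "regedt32", "regedit"}
SYSTEM_ACCOUNTS = {"localsystem", "system", "nt authority\\system"}


def program_name(command_line):
    """Return the lower-cased program name, without directory or .exe/.com suffix."""
    try:
        # posix=False keeps backslashes literal, as Windows paths need.
        argv = shlex.split(command_line, posix=False)
    except ValueError:
        # Unbalanced quote: fall back to a plain whitespace split.
        argv = command_line.split()
    if not argv:
        return ""
    exe = ntpath.basename(argv[0].strip('"')).lower()
    root, ext = ntpath.splitext(exe)
    return root if ext in (".exe", ".com", "") else exe


def flag_jobs(jobs):
    """Return (job id, program) for jobs that start an interactive tool as LocalSystem."""
    findings = []
    for job in jobs:
        runs_as_system = job["run_as"].strip().lower() in SYSTEM_ACCOUNTS
        program = program_name(job["command"])
        if runs_as_system and program in INTERACTIVE_TOOLS:
            findings.append((job["id"], program))
    return findings


# Constructed sample inventory in a hypothetical export format (not real AT output).
SAMPLE_JOBS = [
    {"id": 1, "run_as": "LocalSystem", "command": r"C:\WINNT\system32\CMD.EXE"},
    {"id": 2, "run_as": "LocalSystem", "command": r'"C:\Program Files\Backup\nightly.exe" /full'},
    {"id": 3, "run_as": "NT AUTHORITY\\SYSTEM", "command": "regedt32"},
    {"id": 4, "run_as": "LAB\\teacher", "command": "cmd.exe /c cleanup.bat"},
    {"id": 5, "run_as": "SYSTEM", "command": r'"C:\WINNT\system32\cmd.exe'},  # unbalanced quote
]

if __name__ == "__main__":
    for job_id, program in flag_jobs(SAMPLE_JOBS):
        print(f"job {job_id}: {program} is scheduled to run as LocalSystem")
```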

