View Single Post
Old 05-09-2017, 21:56
TmC TmC is offline
Join Date: Aug 2004
Posts: 291
Rept. Given: 1
Rept. Rcvd 13 Times in 7 Posts
Thanks Given: 2
Thanks Rcvd at 12 Times in 9 Posts
TmC Reputation: 13
Login into Network Workstation as Local Administrator

Since I saw that there are some discussions on hacking tools and network related issues, I'd like to post a question on something that might be a problem.

The scenario is the following:

We have a network with many workstations and multiple domains. Each Single Workstation checks for username and password, on Windows Logon, against an Active Directory Domain Controller.

Each machine itself, does not have local accounts configured, exept for the Administrator one that, to avoid easy password guessing attempts, has been called differently (so you would need to guess the username too).

All the machines on the network share the same "disguised Administrator" account credentials (let's suppose these are Adm1n1str4t0r/P4ssw0rd).

To login onto a specific domain, on Windows, you type the following, onto the login screen "DOMAIN\username", but if you want to log locally, you just type "username" or, like stated by Windows "COMPUTERNAME\username"

Recently we discovered that someone have been able to get the administration username/password combination, mostly to install a program that was not provided with the machine.

This is not a trouble, but what I am asking is: Is it possibile, using the Windows suggestions, to log as an Administrator on remote machines? Said in other words: Do REMOTECOMPUTERNAME\username allow someone to remotely log as a local user onto the remote machine? If so, what would the user be able to do? Would he be able to access the files in a network folder onto the remote computer bypassing the Domain Controller Authentication since he is seen as local user?

I am asking this because there might be people whose account does not allow access to some network folders that might gain access to these once logged onto the remote machine with local credentials and so I'm trying to figure out if this is possible.
Reply With Quote