Ask the Expert

What are elevated privileges and why do they make my systems vulnerable?

Concerning your response to "How can I stop administrators from taking their computers out of the domain?", can you please clarify and give examples of what you mean by "think of the elevation of privilege attacks that might provide them with elevated privileges on other machines (including servers and domain controllers)"?

If an attacker is able to gain access to LSA secrets (possibly by using lsadump2), then they might discover the user name and password for a service account. Accounts that are used to run services may have privileges beyond those held by the user of the compromised account and may be domain-level accounts. Armed with the information, the attacker can log on and now has those privileges. If the account is a domain account, his privileges extend to many computers in the domain, not just the one he was able to compromise.

This was first published in February 2003
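
To see where this exposure exists on your own machines, the following added example (not part of the original answer) lists services that log on with a named account, since each such account's password is stored in the LSA secrets of the machine that runs the service. The function name `Get-ServiceLogonAccount` is a hypothetical helper, and the local-versus-domain split is a heuristic based on the account name prefix.

```powershell
# Added example (not from the original article). Read-only inventory of
# services that log on with a named account; Windows keeps each such
# account's password in the LSA secrets of the machine running the service.
function Get-ServiceLogonAccount {   # hypothetical helper name
    param(
        [string]$ComputerName        # omit to query the local machine
    )

    # Built-in identities have no stored password, so they are skipped.
    $builtIn = 'LocalSystem',
               'NT AUTHORITY\LocalService',
               'NT AUTHORITY\NetworkService'

    $query = @{ ClassName = 'Win32_Service' }
    if ($ComputerName) { $query.ComputerName = $ComputerName }
    $machine = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }

    Get-CimInstance @query |
        Where-Object {
            $_.StartName -and
            $builtIn -notcontains $_.StartName -and
            $_.StartName -notlike 'NT SERVICE\*'   # virtual service accounts
        } |
        ForEach-Object {
            # ".\user" or "MACHINE\user" is a local account; anything else
            # (DOMAIN\user, user@domain) is treated as a domain account.
            $local = $_.StartName -like '.\*' -or
                     $_.StartName -like "$machine\*"
            [pscustomobject]@{
                Service   = $_.Name
                Account   = $_.StartName
                Scope     = if ($local) { 'Local' } else { 'Domain' }
                State     = $_.State
                StartMode = $_.StartMode
            }
        } |
        Sort-Object Scope, Account, Service
}

# Domain accounts sort first: these are the ones whose compromise
# reaches beyond this one computer.
Get-ServiceLogonAccount | Format-Table -AutoSize
```

Rows with Scope `Domain` are the accounts to review first: confirm each holds only the rights its service needs and is not a member of privileged domain groups.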
