A Server Operator can perform many of the same tasks that an Administrator can, with the exception of account management.
By virtue of the default permissions on HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, a Server Operator could replace the SYSTEM value with an executable that grants administrative privileges. To quote Microsoft:
In the environments where members of server operators are not sufficiently trusted, it is recommended that security on following keys be changed as below:

Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Recommended Permissions:
CREATOR OWNER: Full Control
Administrators: Full Control
SYSTEM: Full Control
Everyone: Read
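The following PowerShell is an added example, not from Microsoft or the original page: it reads the ACL on the Winlogon key and lists every Allow entry that gives write-type rights to a principal other than the three the quoted recommendation grants Full Control. The well-known SIDs and the set of rights counted as "more than Read" are assumptions of this example.

```powershell
# Added example: read-only audit of the Winlogon key ACL (changes nothing).
$path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Well-known SIDs (assumed mapping to the principals named in the quote).
$fullControlOk   = 'S-1-3-0', 'S-1-5-18', 'S-1-5-32-544'  # CREATOR OWNER, SYSTEM, Administrators
$serverOperators = 'S-1-5-32-549'                          # BUILTIN\Server Operators

# Rights treated here as "more than Read": changing values, subkeys, or the key's security.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
# Unmapped generic bits (GENERIC_WRITE, GENERIC_ALL) can appear on inherit-only entries.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

$acl   = Get-Acl -Path $path
# Ask for SIDs directly so unresolvable accounts cannot break the comparison.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    $sid = $rule.IdentityReference.Value
    if ($fullControlOk -contains $sid) { continue }
    if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }

    # Resolve a display name; unknown SIDs stay as the raw SID.
    try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $sid }

    [pscustomobject]@{
        Account         = $name
        Sid             = $sid
        Rights          = $rule.RegistryRights
        Inherited       = $rule.IsInherited
        ServerOperators = ($sid -eq $serverOperators)
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No principal beyond CREATOR OWNER, SYSTEM and Administrators has write access to $path"
}
```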