accessing windows files "locally" risk assessment

Posted on 2013-10-14
Medium Priority
Last Modified: 2013-10-15
I am trying to do some risk assessment work on folder permissions on an admin share on a windows 2008 server. The share permissions are - admin share, but on the directory permissions builtin\users have access to some folders on the servers local C drive. As its an admin share, then remotely mapping the share and getting access to the files that way is out the equation. And the server is a secure room so them manually logging onto the server is very, very unlikely.

I appreciate you can RDP onto a server, but I think local security policy or user rights assignments determine which users and groups could do this.

So... if its an admin share, local security options/user rights assignments don't let basic users (builtin\users) RDP, and the server is physically secure - is there any other way a user can achieve "local" login to the server to access those files?
Question by:pma111
1 Comment
LVL 59

Accepted Solution

McKnife earned 2000 total points
ID: 39571482
No, there isn't. All access you mentioned has ACLs set, so, no.
of course there's still the risk of exploits.

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
An Incident response plan is an organized approach to addressing and managing an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question