Link to home
Start Free TrialLog in
Avatar of McKnife
McKnifeFlag for Germany

asked on

Happy bug hunt - windows security anomalies

Out for the weekend, hunting!

Experts, maybe someone would like to verify and analyse this strange behavior (seen on win7/8.x/10, UAC on):
--
You will be able to reproduce this on any win10 or win8.1 system, most probably also on win7, but I have only tested those two.

1 open secpol.msc, and grant the privilege "change the system time" to user "testuser"

2 login as testuser and try to change the time - works. Logoff.

3 add testuser to another privileged local group, for example "network configuration operators"

4 login as testuser, try to change the time... Access is denied.

Strange, isn't it? But as with all bugs in security matters, we need to analyze it. The same happens if in step 3 we use the group "power users". It does not happen for any other local groups, though, just these two.
--
(posted the same on technet, no one helpful over there)
Avatar of Kyle Abrahams, PMP
Kyle Abrahams, PMP
Flag of United States of America image

Is the privilege denied for NCOs?   A deny will take precedence over any grant.
Avatar of McKnife

ASKER

No. Defaults on clean systems. Take a minute and reproduce this.
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of McKnife

ASKER

Self-solved.