Is it a reasonable assumption to make, that if a user has been granted local admin rights to a windows server in a domain, that technically they could use that access, albeit on a single server in this case, to compromise other servers across the domain? And if so what specific attack paths may they use with their admin rights to a single server?
I have noted during an audit of admin rights across systems joined to the domain, that some accounts have admin rights on individual domain joined servers. The servers themselves don’t host any sensitive data, or run live applications or critical processes etc, and as such there is a perception that there is little risk associated with this. I was hoping to tap into your views as whether my theory that this is actually a dangerous starting point if they had malicious plans, or if you feel the risk is actually fairly low? Or any other risk factors to consider, e.g. ransomware propagation?
Our community of experts have been thoroughly vetted for their expertise and industry experience.
This award recognizes a member of Experts Exchange who has made outstanding contributions to the community within their first year as an expert. The Rookie of the Year is awarded to a new expert who has the highest number of quality contributions.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.