Is it a reasonable assumption that if a user has been granted local admin rights to a Windows server in a domain, they could technically use that access, albeit on a single server in this case, to compromise other servers across the domain? And if so, what specific attack paths may they use with their admin rights to a single server?
I have noted during an audit of admin rights across systems joined to the domain that some accounts have admin rights on individual domain-joined servers. The servers themselves don’t host any sensitive data, or run live applications or critical processes etc., and as such there is a perception that there is little risk associated with this. I was hoping to tap into your views as to whether my theory, that this is actually a dangerous starting point if they had malicious plans, is correct, or if you feel the risk is actually fairly low? Or any other risk factors to consider, e.g. ransomware propagation?