This is silly. At least on XP, a normal, non-admin user cannot add AT jobs. So, yes, this would work if the user is local admin., but big deal. At that point, who cares? Is the point here that I can elevate from Administrator to LocalSystem? I'm not really sure that's a revelation...
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derek Harris Sent: Tuesday, August 01, 2006 7:20 PM To: [email protected] Subject: [ActiveDir] OT: XP exploit Use GPO to prevent users from running the scheduler. Need to do a reg hack to block local accounts. http://www.projectstreamer.com/users/r0t0r00t3r/xp_priv_esc/xp_priv_esc. html List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
