I wanted to recap the conversation we had this week. The main topic was ACLs (Access Control Lists): how to use them on what they protect: files, shares, registry, services, and AD OUs.
We even saw how the demo gods prevented my demo from working in class. After working out what had happened to my demo, I found it was my own command: I had written a deny against the spooler service as my last step before class, to try to set everything back to default.
The command I ran was:
subinacl /service spooler /deny=users=PTO
The above command denied all users access to stop/start the spooler service. The administrator (Temple) in my example is also part of that group, which is why I was getting the errors I did in class. Setting the service back to the default access removed my errors, and I was able to move forward. The reason I was able to make that change was that I was an administrator on Windows, which allowed me to override those local settings. We will look in future classes at how that can be prevented with Group Policies.
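Added example, not from the class demo: a small Python model of how Windows walks a service DACL in order. It shows why a deny ACE for Users also blocks an administrator who is a member of Users, while WRITE_DAC stays available to reset the ACL. The SDDL strings, the position of the deny ACE and the token group sets are constructed assumptions; the rights map uses the standard SDDL codes for service access rights.

```python
import re

# SDDL right codes and the access-mask bits they carry on a service object.
RIGHTS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
          "WD": 0x40000, "WO": 0x80000}
START, STOP, PAUSE, WRITE_DAC = 0x10, 0x20, 0x40, 0x40000  # RP, WP, DT, WD

# Constructed descriptors for illustration, not captured from a real host.
# SY = Local System, BA = Builtin Administrators, BU = Builtin Users.
BASELINE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
            "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;BU)")
# Assumed effect of the deny: a deny ACE for Users (pause, start, stop) placed first.
AFTER_DENY = "D:(D;;RPWPDT;;;BU)" + BASELINE[2:]

def parse_dacl(sddl):
    """Return the DACL as an ordered list of (ace_type, mask, trustee)."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inh, trustee = body.split(";")[:6]
        mask = 0
        for code in re.findall("..", rights):
            mask |= RIGHTS[code]
        aces.append((ace_type, mask, trustee))
    return aces

def access_check(sddl, token_sids, desired):
    """Evaluate ACEs in order: a matching deny ACE covering any bit still
    ungranted fails the request; matching allow ACEs grant their bits."""
    remaining = desired
    for ace_type, mask, trustee in parse_dacl(sddl):
        if trustee not in token_sids:
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
        if remaining == 0:
            return True
    return False

if __name__ == "__main__":
    admin = {"BA", "BU"}  # an administrator who is also a member of Users
    for label, sddl in (("baseline", BASELINE), ("after deny", AFTER_DENY)):
        print(label, {name: access_check(sddl, admin, bit) for name, bit in
                      (("start", START), ("stop", STOP), ("write_dac", WRITE_DAC))})
```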
Please start working to create teams to complete future assignments, and post those to this thread.
In the News:
- Who is Anna-Senpai, the Mirai Worm Author?
- ATM ‘Shimmers’ Target Chip-Based Cards
- PowerShell AD ACL Scan Tool
- Scan AD ACLs and report on them