Thursday, 5 February 2015

Using Startup Repair to gain local admin



I came across this video which shows using "Startup Repair" (which doesn't require credentials like "Repair My Computer" or "System Recovery") to gain local administrator privileges. To summarize:



  1. Reset the computer while it's starting.

  2. Select "Startup Repair".

  3. In the dialog "Startup Repair cannot repair this computer automatically", click "View problem details", then click the link at the very bottom (which opens Notepad).

  4. In Notepad, click File and Open, and you now have an Explorer shell. Browse to cmd.exe, right-click and Run as an administrator.

  5. Optionally create a backdoor for yourself (replacing sethc.exe is my favourite).


I'd like to prevent this. One way would be to remove the recovery partition, but I don't know a practical way to do this on a large number of already deployed computers. I was hoping for a group policy or something similar.


P.S. Our computers already have the BIOS password protected, configured to not allow anything other than the system disk to boot, and the case is physically locked.
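
One way to check a deployed machine for the automatic Startup Repair path and for the sethc.exe replacement from step 5, as an added example that is not part of the original post. The `-Remediate` switch and the property names are hypothetical, and the script assumes English `bcdedit` output and PowerShell 4.0 or later.

```powershell
# Added example, not from the original post. Run elevated, for instance as a
# computer startup script assigned through Group Policy.
# Assumption: bcdedit prints English values ("Yes"/"No").
param([switch]$Remediate)   # hypothetical switch name used only in this example

$sys32 = Join-Path $env:SystemRoot 'System32'

# 1. Boot configuration: does a failed boot still launch Startup Repair?
$bcd = (& bcdedit.exe /enum '{current}') -join "`n"
$recoveryDisabled = $bcd -match '(?im)^\s*recoveryenabled\s+No\s*$'
$failuresIgnored  = $bcd -match '(?im)^\s*bootstatuspolicy\s+IgnoreAllFailures\s*$'

# 2. Tamper check for step 5: is sethc.exe a byte-for-byte copy of cmd.exe?
$sethc = Join-Path $sys32 'sethc.exe'
$cmd   = Join-Path $sys32 'cmd.exe'
$sameAsCmd = (Get-FileHash $sethc -Algorithm SHA256).Hash -eq
             (Get-FileHash $cmd   -Algorithm SHA256).Hash

# Heuristic: the version resource of a genuine sethc.exe is expected to name
# itself, sometimes with a ".mui" suffix. Any other name deserves a closer look.
$origName = (Get-Item $sethc).VersionInfo.OriginalFilename
$nameOk   = $origName -like 'sethc.exe*'

$changed = $false
if ($Remediate -and -not ($recoveryDisabled -and $failuresIgnored)) {
    # Stop a failed or interrupted boot from starting Startup Repair automatically.
    & bcdedit.exe /set '{current}' recoveryenabled No | Out-Null
    & bcdedit.exe /set '{current}' bootstatuspolicy ignoreallfailures | Out-Null
    $changed = $true
}

# One record per machine, suitable for central collection (Export-Csv, event log, ...).
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    RecoveryDisabled   = $recoveryDisabled
    FailuresIgnored    = $failuresIgnored
    SethcIsCmdCopy     = $sameAsCmd
    SethcOriginalName  = $origName
    SethcNameLooksOk   = $nameOk
    RemediationApplied = $changed
}
```

With automatic recovery turned off, a machine that genuinely fails to boot has to be repaired from installation media or a managed recovery image, so the BIOS password and boot-order restrictions mentioned in the P.S. remain part of the control.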




