5 Examples of Hidden Admin Authority in Windows

Click here to unsubscribe

Active Directory is an object store of all the accounts, groups and computers in your environment as well as infrastructure objects like organizational units and group policy objects to manage them. And each of these objects has its own access control list just like a file or folder on a file server. But these AD object ACLs control more than user access – they are largely what constitute admin authority in the Windows and AD world. There’s very little special about the actual Administrators and Domain Admins groups – they just happen to have the right permissions. AD object permissions are just one of the ways that unknown admin entitlements can be lurking in your network like a forgotten key dropped and long forgotten in a dark, cobwebbed corridor in the basement beneath an old building. Then there are Windows system level user rights that seem tailor-made for the bad guy. Here's a few examples of each:

  1. System Privilege: Act as part of the operating system
  2. AD Object Permission: Write access to groupPolicyContainer
  3. System Privilege: Take ownership
  4. AD OU Permission: Write access to gpLink property
  5. SIDHistory

Bottom line is there are many vectors to privileged access in Windows, and it can be confusing because so much of this functionality has accreted over time with the progression of IT eras that Windows has lived through.

In this real training for free session, I will try to give you a comprehensive view of privileged access in Windows covering all these areas and more. Then I will focus on key choke points that if you understand and properly control, will give you confidence that privileged access to your Windows systems is truly locked down to who should actually have it.

But should anyone really have privileged access all the time? Martin Cannard is joining me from Netwrix and will briefly show you how JIT PAM and Activity orchestration can not only give your users the specific access they need at the point of time that they need it, but how the same approach applies equally to removing attack surfaces posed by ever present Windows services.

This will be a technical deep dive into Windows privileged access both in on-prem and cloud environments. Register now.

Click here to register

CAN'T MAKE THE LIVE EVENT? REGISTER ANYWAY TO GET THE RECORDED VERSION.

Title: 5 Examples of Hidden Admin Authority in Windows
Date: Tuesday, July 8, 2025 12:00 - 1:30 PM ET

This is real training.

Space is limited.
Reserve your Webinar seat now at:
https://www.ultimatewindowssecurity.com/webinars/register.aspx?id=3774

Need CPE credit for this live webinar or any other live webinar you've attended in the past? Just visit www.UltimateWindowsSecurity.com, click on the Webinars section, and then the link for CPE credit transcript. If your email address has changed due to a job change or any other reason, click here to update it.

Thanks as always for reading and best wishes on security,
Randy Franklin Smith

Follow randyfsmith on Twitter Subscribe to Randy Franklin Smith on Facebook

Click here to unsubscribe

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.