On 09.05.2019 17:44, Bill Stewart wrote: > On Thu, May 9, 2019 at 6:20 AM Andrey Repin wrote: > >> Again, there's simply no equivalent of "god user" from *NIX in Windows >> permissions system. > > That's not really correct. An account that is a member of the > Administrators local group (localized name can be different, SID is > S-1-5-32-544) is a root/superuser equivalent. > > It is true that some objects have permissions that prevent Administrators > from accessing them, but any member of Administrators can take > ownership/change permissions/run as SYSTEM and access those objects.
IIRC, even Administrators can't run as SYSTEM. To run as SYSTEM, you need to somehow coerce a process that runs as SYSTEM to do something for you. Usually achieved by running a [temporary] service and having it do what you want to be done. Notably, SYSTEM (but not Administrator) can impersonate any other user without needing a password (other users can only impersonate with a password - i.e. they need to authenticate themselves). In that sense SYSTEM is the true root (though there are other high-privilege accounts, such as Trusted Installer and Local Service that might be able to do the same things).
signature.asc
Description: OpenPGP digital signature
