Create backdoor effectively using the script, you should:
1. Create a plain user;
2. Allow the user to change members in "Builtin\Terminal Server License Servers" user group;
3. Allow the group "Builtin\Terminal Server License Servers" to change members in another group, for example, "Domain Admins".
Here we should note that it’s impossible just to change ACL for "Domain Admins" group.
No comments:
Post a Comment