Last active
January 5, 2018 21:11
-
-
Save Iristyle/fd8f0e44083b8c2d5877d87cdf70577c to your computer and use it in GitHub Desktop.
Administrator winrm vs interactive perms through whoami /all
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- from_file | |
| +++ winrm | |
| @@ -1,4 +1,4 @@ | |
| -local | |
| +winrm | |
| USER INFORMATION | |
| ---------------- | |
| @@ -16,12 +16,10 @@ | |
| NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114 Mandatory group, Enabled by default, Enabled group | |
| BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner | |
| BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group | |
| -NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group | |
| -CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group | |
| +NT AUTHORITY\NETWORK Well-known group S-1-5-2 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group | |
| -LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group | |
| Mandatory Label\High Mandatory Level Label S-1-16-12288 | |
| @@ -30,27 +28,27 @@ | |
| ---------------------- | |
| Privilege Name Description State | |
| -=============================== ========================================= ======== | |
| -SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled | |
| -SeSecurityPrivilege Manage auditing and security log Disabled | |
| -SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled | |
| -SeLoadDriverPrivilege Load and unload device drivers Disabled | |
| -SeSystemProfilePrivilege Profile system performance Disabled | |
| -SeSystemtimePrivilege Change the system time Disabled | |
| -SeProfileSingleProcessPrivilege Profile single process Disabled | |
| -SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled | |
| -SeCreatePagefilePrivilege Create a pagefile Disabled | |
| -SeBackupPrivilege Back up files and directories Disabled | |
| -SeRestorePrivilege Restore files and directories Disabled | |
| -SeShutdownPrivilege Shut down the system Disabled | |
| -SeDebugPrivilege Debug programs Disabled | |
| -SeSystemEnvironmentPrivilege Modify firmware environment values Disabled | |
| +=============================== ========================================= ======= | |
| +SeIncreaseQuotaPrivilege Adjust memory quotas for a process Enabled | |
| +SeSecurityPrivilege Manage auditing and security log Enabled | |
| +SeTakeOwnershipPrivilege Take ownership of files or other objects Enabled | |
| +SeLoadDriverPrivilege Load and unload device drivers Enabled | |
| +SeSystemProfilePrivilege Profile system performance Enabled | |
| +SeSystemtimePrivilege Change the system time Enabled | |
| +SeProfileSingleProcessPrivilege Profile single process Enabled | |
| +SeIncreaseBasePriorityPrivilege Increase scheduling priority Enabled | |
| +SeCreatePagefilePrivilege Create a pagefile Enabled | |
| +SeBackupPrivilege Back up files and directories Enabled | |
| +SeRestorePrivilege Restore files and directories Enabled | |
| +SeShutdownPrivilege Shut down the system Enabled | |
| +SeDebugPrivilege Debug programs Enabled | |
| +SeSystemEnvironmentPrivilege Modify firmware environment values Enabled | |
| SeChangeNotifyPrivilege Bypass traverse checking Enabled | |
| -SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled | |
| -SeUndockPrivilege Remove computer from docking station Disabled | |
| -SeManageVolumePrivilege Perform volume maintenance tasks Disabled | |
| +SeRemoteShutdownPrivilege Force shutdown from a remote system Enabled | |
| +SeUndockPrivilege Remove computer from docking station Enabled | |
| +SeManageVolumePrivilege Perform volume maintenance tasks Enabled | |
| SeImpersonatePrivilege Impersonate a client after authentication Enabled | |
| SeCreateGlobalPrivilege Create global objects Enabled | |
| -SeIncreaseWorkingSetPrivilege Increase a process working set Disabled | |
| -SeTimeZonePrivilege Change the time zone Disabled | |
| -SeCreateSymbolicLinkPrivilege Create symbolic links Disabled | |
| +SeIncreaseWorkingSetPrivilege Increase a process working set Enabled | |
| +SeTimeZonePrivilege Change the time zone Enabled | |
| +SeCreateSymbolicLinkPrivilege Create symbolic links Enabled |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local | |
| USER INFORMATION | |
| ---------------- | |
| User Name SID | |
| ============================= ============================================ | |
| knqh9q0wrbqcczw\administrator S-1-5-21-2754450856-868995602-2816174699-500 | |
| GROUP INFORMATION | |
| ----------------- | |
| Group Name Type SID Attributes | |
| ============================================================= ================ ============ =============================================================== | |
| Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114 Mandatory group, Enabled by default, Enabled group | |
| BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner | |
| BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group | |
| CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group | |
| LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group | |
| Mandatory Label\High Mandatory Level Label S-1-16-12288 | |
| PRIVILEGES INFORMATION | |
| ---------------------- | |
| Privilege Name Description State | |
| =============================== ========================================= ======== | |
| SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled | |
| SeSecurityPrivilege Manage auditing and security log Disabled | |
| SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled | |
| SeLoadDriverPrivilege Load and unload device drivers Disabled | |
| SeSystemProfilePrivilege Profile system performance Disabled | |
| SeSystemtimePrivilege Change the system time Disabled | |
| SeProfileSingleProcessPrivilege Profile single process Disabled | |
| SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled | |
| SeCreatePagefilePrivilege Create a pagefile Disabled | |
| SeBackupPrivilege Back up files and directories Disabled | |
| SeRestorePrivilege Restore files and directories Disabled | |
| SeShutdownPrivilege Shut down the system Disabled | |
| SeDebugPrivilege Debug programs Disabled | |
| SeSystemEnvironmentPrivilege Modify firmware environment values Disabled | |
| SeChangeNotifyPrivilege Bypass traverse checking Enabled | |
| SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled | |
| SeUndockPrivilege Remove computer from docking station Disabled | |
| SeManageVolumePrivilege Perform volume maintenance tasks Disabled | |
| SeImpersonatePrivilege Impersonate a client after authentication Enabled | |
| SeCreateGlobalPrivilege Create global objects Enabled | |
| SeIncreaseWorkingSetPrivilege Increase a process working set Disabled | |
| SeTimeZonePrivilege Change the time zone Disabled | |
| SeCreateSymbolicLinkPrivilege Create symbolic links Disabled |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| winrm | |
| USER INFORMATION | |
| ---------------- | |
| User Name SID | |
| ============================= ============================================ | |
| knqh9q0wrbqcczw\administrator S-1-5-21-2754450856-868995602-2816174699-500 | |
| GROUP INFORMATION | |
| ----------------- | |
| Group Name Type SID Attributes | |
| ============================================================= ================ ============ =============================================================== | |
| Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114 Mandatory group, Enabled by default, Enabled group | |
| BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner | |
| BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\NETWORK Well-known group S-1-5-2 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group | |
| NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group | |
| Mandatory Label\High Mandatory Level Label S-1-16-12288 | |
| PRIVILEGES INFORMATION | |
| ---------------------- | |
| Privilege Name Description State | |
| =============================== ========================================= ======= | |
| SeIncreaseQuotaPrivilege Adjust memory quotas for a process Enabled | |
| SeSecurityPrivilege Manage auditing and security log Enabled | |
| SeTakeOwnershipPrivilege Take ownership of files or other objects Enabled | |
| SeLoadDriverPrivilege Load and unload device drivers Enabled | |
| SeSystemProfilePrivilege Profile system performance Enabled | |
| SeSystemtimePrivilege Change the system time Enabled | |
| SeProfileSingleProcessPrivilege Profile single process Enabled | |
| SeIncreaseBasePriorityPrivilege Increase scheduling priority Enabled | |
| SeCreatePagefilePrivilege Create a pagefile Enabled | |
| SeBackupPrivilege Back up files and directories Enabled | |
| SeRestorePrivilege Restore files and directories Enabled | |
| SeShutdownPrivilege Shut down the system Enabled | |
| SeDebugPrivilege Debug programs Enabled | |
| SeSystemEnvironmentPrivilege Modify firmware environment values Enabled | |
| SeChangeNotifyPrivilege Bypass traverse checking Enabled | |
| SeRemoteShutdownPrivilege Force shutdown from a remote system Enabled | |
| SeUndockPrivilege Remove computer from docking station Enabled | |
| SeManageVolumePrivilege Perform volume maintenance tasks Enabled | |
| SeImpersonatePrivilege Impersonate a client after authentication Enabled | |
| SeCreateGlobalPrivilege Create global objects Enabled | |
| SeIncreaseWorkingSetPrivilege Increase a process working set Enabled | |
| SeTimeZonePrivilege Change the time zone Enabled | |
| SeCreateSymbolicLinkPrivilege Create symbolic links Enabled |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment