Network Service Vs Local System

Running a service as Local System is bad because it has powerful access to local resources, and Network Service should be used if possible. After some research, I have found that from the perspective of a remote service, a local service running as Local System and Network Service behaves the same.  It is because the local…


About NTLM/Kerberos and Constrained Delegation in W2k3

I find some well-written documentation on NTLM/Kerberos and Constrained Delegation in W2k3 to share with my colleagues.  They are useful as introduction and reference materials. NTLM Kerberos Constrained Delegation/Protocol Transition


About LDAP injection

The concept of LDAP injection is similar to SQL injection, except that the target is Active Directory or any LDAP server.  The idea is to inject untrusted data into a LDAP query by malicious users.   Here comes a paper to explain that.  


View calendar via Date and Time Properties as non-admin

It is inconvenient that I cannot open Date and Time Properties as non-admin.  Non-admins should not be able to change the date and time, but should be able to view it.  Sometimes, I want to see what the date of next Wed is.  Now I need to practice doing math in my brain if I run…


How to enable Remote Desktop for non-admin?

After hearing from many that Power Users are still admin, I have converted myself to a regular user.  Most apps continue to work properly.  Remote Desktop stops working.  To be specific, from the non-admin box, I can remote desktop to another machine, but not vice versa.  After fiddling with some settings, I discovered that regulars users…


Running as non-admin is not as hard as I imagine

As a security tester, we need to ensure that our product works under minimal privilege.  Yes, test machines are set up to test with minimal privilege, but my day-to-day email machine is set up with admin privilege.  Although it is a threat to run under admin, it was more threatening to inflict myself with the hassles of…