I went and looked at a service that was run by a domain user.
The process for the service read from a file on the machine's hard drive, and in the ACLs for that service there was an ACE for the local domain administrator group.
And inside the domain administrator's group, there was the domain account that runs the service...to complete our circular logic...for one pass...
So what sort of authentication is this considered?
- AD/Keberos ?
- NTLM ?
Or is it like both?