0
I created on windows PC, a local user account with a password that I removed from all of the groups. I intend to use this account to gain access from my network scanning multifunction printer to a shared folder on that windows PC. Is this user account considered a threat if someone knows the password?
Zealos
Posted 2016-08-23T15:02:39.370
Reputation: 1
What version of WIndows? I ask bc is the user account an admin, super user etc? – user2676140 – 2016-08-23T15:03:58.693
@user2676140 - Please read the question again. The user the author created does not belong to a user group. – Ramhound – 2016-08-23T15:06:06.780
@Zealos - If it isn't in a user group then it only has the permissions you specifically grant the user. – Ramhound – 2016-08-23T15:07:04.243
1Well, yes, all logged in users are automatically part of the Authenticated Users and Interactive Users groups, which have inherent privileges like the ability to enumerate windows shares and accounts via net view. Should the users credentials be compromised, an attacker would have a toehold to begin escalation-of-privilege attacks to increase their degree of influence. Most interactive hacks start this way; with an attacker compromising a low-level account, and using it to attack software and configuration vulnerabilities in order to "get root". – Frank Thomas – 2016-08-23T15:43:47.923