1
1
I'm still trying to get the hang of Windows accounts under a DOMAIN but i have some security questions.
From my experience it seems that in a machine local users and domain users are completely separated.
For example a local Admin cannot make account changes to a Domain user; you need Domain admin privileges for that.
Considering everything is stored as data in the machine locally this seems to be like a Windows restriction.
Is there is a way to bypass this? Since both hardware and local admin access there is to the machine, how can someone recover the DOMAIN admin password or allow a local admin to make changes to a DOMAIN user?
Kind regards
edit: Running this command seems to do it but why?
net localgroup Administrators /add DOMAIN\USER
yes, thanks for the information. I am not trying to hack the domain in the network. I was thinking about the restrictions placed locally on a single machine. Please see my edit to my question above, can you explain this? – TnF – 2018-12-07T10:13:06.860