IT Baseline Protection Manual T 5.52 Misuse of administrator rights in Windows NT systems

T 5.52 Misuse of administrator rights in Windows NT systems

Improper administration occurs when legitimately or illegitimately acquired administrator authorisations and rights are deliberately used to damage the system or its users.

Example:

By misusing the right to take ownership of any file, an administrator under Windows NT can gain access to any file, even if its owner has explicitly denied him access through the corresponding access permissions. The original owner can, however, detect this access, because the administrator has to make himself the owner of the files concerned, and Windows NT provides no function to undo this change. Nevertheless, the administrator can gain access to user files without being noticed, for example by adding himself to the Backup Operators group and making a backup of the files he wishes to read.

Administrator rights can be misused in various ways. These include illegal access to files and changes to the logging settings and to the settings for user accounts. Further possibilities of misuse are the falsification of log data by altering the system time, and the detailed tracking of the activities of individual users.

Depending on the underlying hardware, anyone who can gain access to the console and the system cabinet can boot the system. This may allow the configuration to be manipulated if the system can be booted from an external medium or if another operating system can be selected.
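
The ownership, Backup Operators, logging and system-time misuse paths described above leave audit records when auditing is enabled. The following added example (not part of the manual) scans such records; it assumes the event IDs and field names of the current Windows Security log (4674, 4732, 4719, 1102, 4616) rather than the NT 4.0 numbering, records flattened to dictionaries with simplified timestamps, and a hypothetical 120-second clock tolerance. The sample records are constructed.

```python
from datetime import datetime

BACKUP_OPERATORS_SID = "S-1-5-32-551"  # well-known SID of the built-in group
MAX_CLOCK_STEP_S = 120                 # assumed tolerance for routine time sync

def _ts(value):
    # Simplified timestamp format used by the constructed records below.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")

def findings(events):
    """Return (actor, finding) tuples for the misuse paths named in T 5.52."""
    out = []
    for ev in events:
        eid, actor = ev["EventID"], ev.get("SubjectUserName", "?")
        if eid == 4674 and "SeTakeOwnershipPrivilege" in ev.get("PrivilegeList", ""):
            out.append((actor, "take-ownership privilege used on " + ev.get("ObjectName", "?")))
        elif eid == 4732 and ev.get("TargetSid") == BACKUP_OPERATORS_SID:
            # Distinguish an administrator adding his own account from adding another.
            who = "self" if ev.get("MemberSid") == ev.get("SubjectUserSid") else "other"
            out.append((actor, "Backup Operators member added (%s)" % who))
        elif eid == 4719:
            out.append((actor, "audit policy changed"))
        elif eid == 1102:
            out.append((actor, "security log cleared"))
        elif eid == 4616:
            # Small steps are normal time synchronisation; large ones can shift log timestamps.
            step = abs((_ts(ev["NewTime"]) - _ts(ev["PreviousTime"])).total_seconds())
            if step > MAX_CLOCK_STEP_S:
                out.append((actor, "system time moved by %d s" % step))
    return out

ADMIN_SID = "S-1-5-21-1-2-3-1001"  # constructed SID
SAMPLE = [  # constructed records, not real log data
    {"EventID": 4674, "SubjectUserName": "admin1",
     "PrivilegeList": "SeTakeOwnershipPrivilege", "ObjectName": r"C:\Users\alice\plan.doc"},
    {"EventID": 4732, "SubjectUserName": "admin1", "SubjectUserSid": ADMIN_SID,
     "MemberSid": ADMIN_SID, "TargetSid": BACKUP_OPERATORS_SID},
    {"EventID": 4732, "SubjectUserName": "admin1", "SubjectUserSid": ADMIN_SID,
     "MemberSid": "S-1-5-21-1-2-3-1002", "TargetSid": "S-1-5-32-545"},
    {"EventID": 4616, "SubjectUserName": "LOCAL SERVICE",
     "PreviousTime": "2024-03-01T10:00:00", "NewTime": "2024-03-01T10:00:01"},
    {"EventID": 4616, "SubjectUserName": "admin1",
     "PreviousTime": "2024-03-01T10:00:00", "NewTime": "2024-03-01T04:00:00"},
    {"EventID": 4719, "SubjectUserName": "admin1"},
]

if __name__ == "__main__":
    for actor, what in findings(SAMPLE):
        print(actor, "-", what)
```

Because the same administrator can also change the logging settings, such records are only reliable when they are forwarded to a system that administrator does not control.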


© Copyright by Bundesamt für Sicherheit in der Informationstechnik, last update: July 1999