Smbexec is a tool that you can use for penetration testing domain controllers; the program allows running post exploitation for domain accounts and expanding the access to targeted network. This gives pentesters full access without any privilege requirement.
Latest release includes improvements so it runs faster and there are more options in configuration and a module that support file search. Using smbexec allows easily going through all machines on the network and collecting the necessary information such as the UAC configuration or other system settings beside where the domain administrators’ credentials are in use.
Windows 7 has inbuilt features that users are encouraged to use in order to keep their systems secure. Nevertheless, third party security software such as anti-malware is still required and highly recommended. Some of these features include additional tasks which may require an advanced level of computer proficiency:
I am one of those geeky people who try to follow all of Microsoft’s recommendations (including logging in with an administrator and separate standard account). When UAC was introduced, I found my new best friend! I could finally stay logged in as an administrator without having everything running as an administrator.
Something with UAC must have changed between Windows 7 and Windows 8. If you happen to constantly use applications that request elevated privileges while logged on as administrator, you may start hearing a fancy new sound which may drive you crazy. The link below will show you how to simply turn off that sound notification (or to change it to that pleasant new Office notification sound).
User Account Control (UAC) is a Windows 7 in-built tool that protects your system and alerts you when you are executing some task that requires administrator privileges, however, if you would like to know how to disable UAC from the registry, here is the info:
Users of both Windows XP and Windows 7 may still find it difficult to understand the behaviour of User Account Control (UAC) mechanism used in Windows 7. UAC is a security feature of Windows 7 that informs you when the action that you want to take to undertake requires an elevation of privileges. The list below explains the behavior changes in Windows 7 with UAC enabled when compared to Windows XP.
- Enable Windows Update and other third-party applications that have update support to update automatically.
- Limit the rights and privileges granted to normal users using the system.
- Set a combination of share and NTFS permissions on files and shared resources.
- Hide any objects that a user is not permitted to access.
- Users with Administrator rights should use the system only when performing administrative tasks. Otherwise use a normal user account.
- Enable User Account Control (UAC) for administrator accounts.
- Use low privileged service accounts for services that do not require elevated privileges.
- Enable windows firewall and install suitable anti-virus/spyware solutions.
There are a number of commercial and open-source tools available to help you perform system security scanning and vulnerability testing of your Windows 7 system, however, the Microsoft Baseline Security Analyzer is a great tool (free and easy t o use) that checks for compliance with Microsoft’s security recommendations.
Read more about Microsoft Baseline Security Analyzer tool here – http://technet.microsoft.com/en-us/security/cc184924