T 5.52 Misuse of administrator rights in Windows operating systems
Administrator rights are abused when administrator privileges, whether acquired with or without permission, are deliberately misused to damage the system or its users.
Examples:
- By abusing the right to take ownership of any file, the administrator of a Windows NT-based system can gain access to any file, even if its owner has explicitly denied him access using the appropriate access permissions. However, the original owner of the file can detect the change of ownership, since the administrator must make himself the owner of the files concerned. In Windows NT-based systems, there is no function available to undo such a change. However, Windows Server 2003 and higher and Windows Vista allow administrators to conceal the change of ownership and to grant ownership back to any user. An administrator can therefore gain access to user files without being noticed, for example by entering his name in the group of backup operators and then making backup copies of the files he wants to read.
- Administrator privileges can be misused in various ways. These include accessing files without authorisation, changing the logging settings, and changing the specifications of user accounts. Other possibilities for misuse include detailed tracking of the activities of individual users and the falsification of log information by changing the system time.
- Depending on the underlying hardware, anyone who can gain access to the console or the system case may be able to boot the system. If the computer can be booted from an external medium, or a different operating system can be selected when booting, this may make it possible to tamper with the configuration.
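
Several of the misuse paths listed above (taking ownership of files, joining the Backup Operators group, changing logging settings or user accounts, changing the system time) leave a Security log event when the matching audit policy is enabled. The following Python code is an added example, not part of the original catalogue text: it flags those events in a Security log exported as XML under one root element. The sample events, the account name `admin1`, the SIDs of the added members and the file paths are constructed.

```python
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}
WRITE_OWNER = 0x80000                  # access right used to take ownership of an object
BACKUP_OPERATORS_SID = "S-1-5-32-551"  # well-known SID of the built-in Backup Operators group
FIXED = {4616: "system time changed", 4719: "audit policy changed",
         4738: "user account changed"}

def classify(event):
    """Return a finding string for one <Event> element, or None if it is not of interest."""
    eid = int(event.findtext("e:System/e:EventID", namespaces=NS))
    d = {x.get("Name"): x.text or "" for x in event.iterfind("e:EventData/e:Data", NS)}
    who = d.get("SubjectUserName", "?")
    if eid == 4663:  # object access; only logged if file auditing and a SACL are configured
        if int(d.get("AccessMask", "0"), 16) & WRITE_OWNER:
            return f"{who}: ownership change on {d.get('ObjectName')}"
        return None
    if eid == 4732:  # member added to a security-enabled local group
        if d.get("TargetSid") == BACKUP_OPERATORS_SID:
            return f"{who}: added {d.get('MemberSid')} to Backup Operators"
        return None
    return f"{who}: {FIXED[eid]}" if eid in FIXED else None

def scan(xml_text):
    """Classify every <Event> under the root element and keep the findings, in log order."""
    root = ET.fromstring(xml_text)
    return [f for f in map(classify, root.iterfind("e:Event", NS)) if f]

def sample_event(eid, **data):
    """Build one constructed event in the layout of the Windows event XML schema."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVT_NS}"><System><EventID>{eid}</EventID></System>'
            f'<EventData>{body}</EventData></Event>')

SAMPLE = "<Events>" + "".join([  # constructed sample data, not taken from a real system
    sample_event(4663, SubjectUserName="admin1", ObjectName=r"D:\Users\alice\plan.docx", AccessMask="0x80000"),
    sample_event(4663, SubjectUserName="alice", ObjectName=r"D:\Users\alice\plan.docx", AccessMask="0x1"),
    sample_event(4732, SubjectUserName="admin1", MemberSid="S-1-5-21-1-2-3-1105", TargetSid="S-1-5-32-551"),
    sample_event(4732, SubjectUserName="admin1", MemberSid="S-1-5-21-1-2-3-1106", TargetSid="S-1-5-32-545"),
    sample_event(4616, SubjectUserName="admin1", PreviousTime="2024-01-02T10:00:00Z", NewTime="2024-01-01T10:00:00Z"),
    sample_event(4719, SubjectUserName="admin1", AuditPolicyChanges="%%8448"),
]) + "</Events>"

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Because an administrator can also change the audit settings or the local log itself, findings like these are only dependable when the events are forwarded to a system that the monitored administrators do not control.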