I don't actually understand how this is possible, or what exactly happens here.
In what kind of network does this work?
A normal workgroup (LAN), as in a hub or two with PCs connected to it?
Or a proper domain setup, all connected to a domain controller using Active Directory via LDAP?
Surely to gain any user rights you need to authenticate first (domain controller environment).
E.g. if you log in as a user, call it Billy.Bob,
you are logged in and your PC domain client will check your privileges.
If you wanted to browse a network path which Billy.Bob doesn't have access to, it
will pop up with a username and password box, and you then specify domain\Administrator
with the password, and your current session can then access that path. If you log out, your session gets ended,
and once you log in, Billy.Bob will not have privileges to access that network path again
unless obviously the domain admin password is entered.
That tells me Windows caches the username and password in memory (for seamless authentication purposes as well).
So if the password was never sent, how can it gain admin access?
The way I understand it is, you end the session partially, then the AT command (task scheduler) basically runs CMD.EXE as the admin user or
system user, because the current user's session is not active, or something like that?
All good, but whatever happens you then have admin rights (local admin). How will this help you to connect and run commands on
remote PCs?