Forum Discussion
What are the requirements for local psexec usage?
Background
I am currently studying for OSCP and trying to understand the access controls and security measures of Windows. I have learned that no one except the Administrator (RID=500), not even members of the Administrators group, can connect to the machine using PsExec. This is due to UAC remote restrictions (source: Microsoft):
When a user who is a member of the local Administrators group on the target remote computer establishes a remote administrative connection by using the net use *\\remotecomputer\Share$ command, for example, they won't connect as a full administrator. The user has no elevation potential on the remote computer, and the user cannot perform administrative tasks. If the user wants to administer the workstation with a Security Account Manager (SAM) account, the user must interactively log on to the computer that is to be administered with Remote Assistance or Remote Desktop, if these services are available.
Questions
1) When running PsExec locally as an unprivileged user, can I execute commands as a user that is a member of the Administrators group if I know its password?
2) How do the "UAC remote restrictions" affect other options to spawn the shell: WinRM or WMI? What are the requirements? Do I only have to be the user that is a member of the Remote Management group?
I really appreciate any help you can provide.