Which commands would you run on Windows to display local users and groups and identify administrators?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which commands would you run on Windows to display local users and groups and identify administrators?

Explanation:
The essential idea is to enumerate local accounts and determine who has administrative privileges on the Windows machine. To achieve this, you use built-in Windows commands that reveal local user accounts and the membership of local groups. Using a command to list local users gives you the full set of accounts that exist on the machine. Then listing local groups shows you how those accounts are organized into groups. Finally, listing the members of the Administrators group directly identifies which accounts have elevated rights on the system. Put together, net user (to show users), net localgroup (to show groups and their memberships), and net localgroup administrators (to see who belongs to the Administrators group) provide a complete view of local admin access. The other sets of commands focus on network configuration or process information rather than account and group information. They won’t reveal local user accounts or which users have administrative privileges, so they’re not suitable for this purpose.

The essential idea is to enumerate local accounts and determine who has administrative privileges on the Windows machine. To achieve this, you use built-in Windows commands that reveal local user accounts and the membership of local groups.

Using a command to list local users gives you the full set of accounts that exist on the machine. Then listing local groups shows you how those accounts are organized into groups. Finally, listing the members of the Administrators group directly identifies which accounts have elevated rights on the system. Put together, net user (to show users), net localgroup (to show groups and their memberships), and net localgroup administrators (to see who belongs to the Administrators group) provide a complete view of local admin access.

The other sets of commands focus on network configuration or process information rather than account and group information. They won’t reveal local user accounts or which users have administrative privileges, so they’re not suitable for this purpose.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy