legal contact
 

Decrypt Admin password using the grup.xml file

Depending on the settings of the "Group Policy Preferences" you might be able to elevate your own login.

A perfect HowTo can be found here.

You need below decrypt key, that MS publishes via the Internet. :-)

4e 99 06 e8 fc b6 6c c9 fa f4 93 10 62 0f fe e8
f4 96 e8 06 cc 05 79 90 20 9b 09 a4 33 b6 6c 1b

Prove of concept


\\[DC-name]\SYSVOL\[Domain Name]\Policies\{F6C580CC-22A6-46BB-8064-2CA339CC75E1}\Machine\Preferences\Groups\Groups.xml

And decrypt the local Administrator password using the public decrypt key from:
http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be.aspx#endNote2%C3%A2%C2%80%C2%9DAfter discovering the password you "own" the machine. Microsoft have addressed this with MS14-025 - http://support.microsoft.com/kb/2962486 effectively removing the option to save passwords but it does not do anything for ones already set. MS has also released a new tool which might help with random passwords http://blogs.technet.com/b/askpfeplat/archive/2014/05/19/how-to-automate-changing-the-local-administrator-password.aspx

Mitigation

-none.

Workaround

Have the local Administrator password change in very regular intervalls

See this TechNET article

Solution(s)

Reset Local Administrator Password Using A Different Random String On Each Computer And Recover The Passwords Securely

See this article: