Commonly Abused Windows Token Privileges: SeNetworkLogonRight

Picture of Henry Zhang Henry Zhang : Sep 1, 2024 8:15:00 AM

Senteon Technical Cybersecurity Security Configuration Hardening Managed Endpoint Hardening
Commonly Abused Windows Token Privileges: SeNetworkLogonRight

SeNetworkLogonRight— Access this computer from the network

Provides users given this permission the ability to access the system over the network via protocols such as Sever Message Block (SMB), NetBIOs, Common Internet File System (CIFS), and Component Object Model Plus (COM+). Another commonly used protocol that requires this privilege is RDP.

GPO Setting Path

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

GPO Setting Name

Access this computer from the network

Token Privilege

SeNetworkLogonRight

Associated Security Frameworks

Mitre ATT&CK: Lateral Movement (TA0008)

STIG: V-220957

Windows Logon Session Types: Network

Picture of Henry Zhang Henry Zhang : Nov 22, 2021 10:00:00 AM

Logon Type — Network Used to access a Windows resource (e.g. shared folder) from a system on the network.

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE

Windows Logon Session Types: NetworkCleartext

Picture of Henry Zhang Henry Zhang : Dec 13, 2021 7:30:00 AM

Logon Type — NetworkCleartext Used to logon with credentials sent in clear text (only possible for certain services).

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE

Windows Logon Session Types: NewCredentials

Picture of Henry Zhang Henry Zhang : Dec 20, 2021 8:45:00 AM

Logon Type — NewCredentials Used with RunAs or mapping a network drive with alternate credentials. Create a new logon session for the same user but...

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE