UAC

PRIMARY CATEGORY → WINDOWS MOVEMENT

Summary

UAC Enabled

USER LOGON TYPE ACCESS TOKEN
Non RID 500 Local Admin Account 2 (Interactive)
10 (RemoteInteractive) Filtered Token
Full Token (Dual Token)
Non RID 500 Local Admin Account 3 (Network) Filtered Token
RID 500 Admin Account 2 (Interactive)
3 (Network)
10 (RemoteInteractive) Full Token
Domain User member of Local Admins Group 2 (Interactive)
10 (RemoteInteractive) Filtered Token
Full Token (Dual Token)
Domain User member of Local Admins Group 3 (Network) Full Token

USER	LOGON TYPE	ACCESS TOKEN
Non RID 500 Local Admin Account	2 (Interactive) 10 (RemoteInteractive)	Filtered Token Full Token (Dual Token)
Non RID 500 Local Admin Account	3 (Network)	Filtered Token
RID 500 Admin Account	2 (Interactive) 3 (Network) 10 (RemoteInteractive)	Full Token
Domain User member of Local Admins Group	2 (Interactive) 10 (RemoteInteractive)	Filtered Token Full Token (Dual Token)
Domain User member of Local Admins Group	3 (Network)	Full Token

UAC not Enabled

For all the Privileged Accounts, LSASS.exe creates a Full Access Token, as there is no UAC which filters that token generating a Filtered Access Token

The above applies regardless of the Logon Session Type, whether it is 2 (Interactive), 3 (Network) or 10 (RemoteInteractive)

This LocalAccountTokenFilterPolicy does not apply if UAC is disabled

USER LOGON TYPE ACCESS TOKEN
Non RID 500 Local Admin Account 2 (Interactive)
3 (Network)
10 (RemoteInteractive) Full Token
RID 500 Admin Account 2 (Interactive)
3 (Network)
10 (RemoteInteractive) Full Token
Domain User member of Local Admins Group 2 (Interactive)
3 (Network)
10 (RemoteInteractive) Full Token

USER	LOGON TYPE	ACCESS TOKEN
Non RID 500 Local Admin Account	2 (Interactive) 3 (Network) 10 (RemoteInteractive)	Full Token
RID 500 Admin Account	2 (Interactive) 3 (Network) 10 (RemoteInteractive)	Full Token
Domain User member of Local Admins Group	2 (Interactive) 3 (Network) 10 (RemoteInteractive)	Full Token

Summary (UAC Enabled)

USER LOGON TYPE POLICY ACCESS TOKEN Under UAC?
Non RID 500 Local Admin Account 2 (Interactive)
10 (RemoteInteractive) LocalAccountFilterTokenPolicy ❌ Filtered Token
Full Token
(Dual Token) 🟢
Non RID 500 Local Admin Account 3 (Network) ❌ LocalAccountFilterTokenPolicy 🟢 Filtered Token 🟢
Non RID 500 Local Admin Account 3 (Network) 🟢 LocalAccountFilterTokenPolicy ❌ Full Token 🟢
RID 500 Admin Account 2 (Interactive)
3 (Network) 🟢
10 (RemoteInteractive) FilterAdministratorToken ❌ Full Token ❌
RID 500 Admin Account 2 (Interactive)
10 (RemoteInteractive) FilterAdministratorToken 🟢 Filtered Token
Full Token
(Dual Token) 🟢
RID 500 Admin Account 3 (Network) ❌ LocalAccountFilterTokenPolicy 🟢
FilterAdministratorToken 🟢 Filtered Token 🟢
RID 500 Admin Account 3 (Network) 🟢 LocalAccountFilterTokenPolicy ❌
FilterAdministratorToken 🟢 Full Token 🟢
Domain User member of Local Admins Group 2 (Interactive)
10 (RemoteInteractive) Filtered Token
Full Token
(Dual Token) 🟢
Domain User member of Local Admins Group 3 (Network) 🟢 Full Token 🟢

💥Cyb3rBook

Explorer

UAC

PRIMARY CATEGORY → WINDOWS MOVEMENT

Summary

Graph View

Backlinks

USER	LOGON TYPE	POLICY	ACCESS TOKEN	Under UAC?
Non RID 500 Local Admin Account	2 (Interactive) 10 (RemoteInteractive)	LocalAccountFilterTokenPolicy ❌	Filtered Token Full Token (Dual Token)	🟢
Non RID 500 Local Admin Account	3 (Network) ❌	LocalAccountFilterTokenPolicy 🟢	Filtered Token	🟢
Non RID 500 Local Admin Account	3 (Network) 🟢	LocalAccountFilterTokenPolicy ❌	Full Token	🟢
RID 500 Admin Account	2 (Interactive) 3 (Network) 🟢 10 (RemoteInteractive)	FilterAdministratorToken ❌	Full Token	❌
RID 500 Admin Account	2 (Interactive) 10 (RemoteInteractive)	FilterAdministratorToken 🟢	Filtered Token Full Token (Dual Token)	🟢
RID 500 Admin Account	3 (Network) ❌	LocalAccountFilterTokenPolicy 🟢 FilterAdministratorToken 🟢	Filtered Token	🟢
RID 500 Admin Account	3 (Network) 🟢	LocalAccountFilterTokenPolicy ❌ FilterAdministratorToken 🟢	Full Token	🟢
Domain User member of Local Admins Group	2 (Interactive) 10 (RemoteInteractive)		Filtered Token Full Token (Dual Token)	🟢
Domain User member of Local Admins Group	3 (Network) 🟢		Full Token	🟢