whoami /groups
DESKTOP-IDJHTKP\user
has FULL privileges over the file (indeed this was the user that created the file), however, due to the minimum integrity level implemented he won't be able to modify the file anymore unless he is running inside a High Integrity Level (note that he will be able to read it):cmd.exe
in C:\Windows\System32\cmd-low.exe
and set it an integrity level of low from an administrator console:cmd-low.exe
it will run under a low-integrity level instead of a medium one:icacls C:\Windows\System32\cmd-high.exe /setintegritylevel high
) it won't run with high integrity level automatically (if you invoke it from a medium integrity level --by default-- it will run under a medium integrity level).