32bit box Terminal Services Server The attacker had a limited user account. He logged in, using that. Discovered the system had Active directory tools, using them he had read access to the AD. Escalated privileges to Admin. Created a new domain admin account. Then he had complete admin access to all our Windows boxes, everything in the domain.