Carbanak procedures 10.A.4 needs elevated privilege

[minjimwu]

Hi, I try to run Carbanak procedures in my lab. When I executing metasploit module "post/windows/manage/run_as" in step 10.A.3, it seems didn't have enough permission to change firewall settings.

kmitnick is a domain admin and I also confirm that domain admins group in local administrators group (cfo). As I know that metasploit run_as module didn't include feature to bypass UAC.

May I ask why kmitnick account has high privilege to change firewall setting? Should I change any policy in Windows before I run the script?