This can be distributed as a "User right assignment" setting, through a Group Policy Object. You cannot. It also allows, that anyone in the "Administrators" group on the workstation to bypass the rules and continue executing without restrictions unless a file has been specifically denied from execution, which also affects the Administrators at that point.
Clearly, if there was no credentials stored, we could not steal anything from this machine.
It's great that by seeing an IP address range, we can tell where the machine physically is but that doesn't quite help regarding the security of the network. Moreover, privileged accounts both builtin groups such as Domain admins and other custom delegated groups should not be allowed to login or access regular workstations and servers.
This is why, I suggest the topics outlined below to be part of your AD management, but it is up to you to decide the depth of implementation. In other words, in the firewall of the server "devserver Service accounts are greatly over-privileged and by "greatly" I mean Domain admin or similar often explained as this is the reason because it is "easier" this way - e.
Below, I'll focus on the ones that I have seen during engagements most often in real environments and highly recommend to everyone to review and perform in their own to ensure that they are not vulnerable against them. The ones I have seen are in the "description" and "info" fields.
Another factor here is that, the Jump host will be heavily populated with users, some privileged, others not so much but they will all have administrative rights on that Jump host.