Group policies
Last updated
Was this helpful?
Last updated
Was this helpful?
In certain scenarios, an attacker can gain control over GPOs. Some ACEs can give that control (see , page 28):
WriteProperty
to the GPC-File-Sys-Path
property of a GPO (specific GUID specified)
GenericAll
, GenericWrite
, WriteProperty
to any property (no GUID specified)
WriteDacl
, WriteOwner
This page is about enumeration, for GPO-based attacks, please refer to .
We can enumerate interesting GPO's domain Object's ACL using Get-NetGPO
and Get-ObjectAcl
from 's .
Then, on your attacking machine, we can use the following command to format results