by Darren Mar-Elia | Nov 19, 2019 | Security-related
About a year ago, I posted about the perils of granting someone write access on the Active Directory Domain NC “head” object, and how you could use that and some quirks in Restricted Groups policy to essentially elevate your access in AD, just based on...
by Darren Mar-Elia | Oct 15, 2019 | Security-related
One of the advantages of messing around with Group Policy since before it shipped is that there is a lot of stuff rattling around in my head that I’ve been re-thinking in the context of today’s modern threat landscape. This allows me to think about...
by Darren Mar-Elia | Jun 14, 2019 | Security-related
As I think about Group Policy as a target for attackers, there are many obvious avenues to take advantage of a poorly protected GP infrastructure. I’ve written about many of these here: Sending GPOs Down the Wrong Track–Redirecting the GPT Group Policy...
by Darren Mar-Elia | Apr 15, 2019 | General Stuff, Security-related
The title of this blog tells it all. I got asked the question–what happens to GP processing when a client machine isn’t on the network and can’t connect to its domain Domain Controllers (DCs)? Does policy get removed? Does it just stay where...
by Darren Mar-Elia | Apr 3, 2019 | Security-related
As this blog title implies, this is a bit of a science experiment. Many years ago I played around with this idea that there is nothing in the GP infrastructure that REQUIRES you to use SYSVOL to store the settings files that compose most in-the-box policy areas. At...