by Darren Mar-Elia | Oct 15, 2019 | Security-related
One of the advantages of messing around with Group Policy since before it shipped is that there is a lot of stuff rattling around in my head that I’ve been re-thinking in the context of today’s modern threat landscape. This allows me to think about...
by Darren Mar-Elia | Jun 14, 2019 | Security-related
As I think about Group Policy as a target for attackers, there are many obvious avenues to take advantage of a poorly protected GP infrastructure. I’ve written about many of these here: Sending GPOs Down the Wrong Track–Redirecting the GPT Group Policy...
by Darren Mar-Elia | Apr 15, 2019 | General Stuff, Security-related
The title of this blog tells it all. I got asked the question–what happens to GP processing when a client machine isn’t on the network and can’t connect to its domain’s Domain Controllers (DCs)? Does policy get removed? Does it just stay where...
by Darren Mar-Elia | Apr 3, 2019 | Security-related
As this blog title implies, this is a bit of a science experiment. Many years ago I played around with the idea that there is nothing in the GP infrastructure that REQUIRES you to use SYSVOL to store the settings files that compose most in-the-box policy areas. At...
by Darren Mar-Elia | Feb 22, 2019 | Security-related
If you’ve been following this blog, you know that about 2 and a half years ago, I started talking about Group Policy’s precarious role in the typical enterprise’s security posture. Many, if not most, AD shops use GP to perform security hardening on...
by Darren Mar-Elia | Jun 12, 2018 | Security-related
I was motivated to write this post by a vendor blog that I read recently that talked about ways to maliciously perform what amounted to a denial of service attack on AD. Ostensibly the post was designed to sell software, which I don’t begrudge, but it got...