Group Policy Blog by Darren Mar-Elia (The “GPOGUY”)
SwiftSlicer Malware and Group Policy
You may have caught the recent article about a new malware variant, called SwiftSlicer--attributed to a Russian APT group--that is making its way around Active Directory environments. There aren't a ton of details about how this malware is delivered, but the one detail...
New GP Preferences Vulnerabilities Patched in the latest Patch Tuesday
In case you missed it, there were three vulnerabilities related to GP Preferences in the latest October 2022 "Patch Tuesday". Specifically they were: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37994...
SDM Software Ships Modern Group Policy Change Control!
We are very happy to announce the release of the newest member of our Group Policy product family--Change Manager for Group Policy 1.0! CMGP, as we call it around here, brings GPO change control into the modern era by providing a friendly, web-based user interface to...
Removing Orphaned Delegation on GPOs
One of the annoying things about Group Policy is that delegations to GPOs are not cleaned up when the underlying security principal (e.g. user, computer or group) is deleted in Active Directory. For example, if you create a security filter on a GPO for a particular...
Using Tiered Administration for Group Policy Management
Well, I have to admit that it's been a while since I have found something interesting to blog about related to Group Policy. Despite the fact that the technology is still widely used, how much new can you say about something that's 21+ years old? Well, as many of you...
SDM Software and CVE-2021-44228
We've had several customers ask us about the very widely reported CVE-2021-44228 "Log4j" vulnerability. We have reviewed our products and confirmed that none of SDM Software's solutions use or rely on Log4j for any functions and therefore are not subject to this...
Understanding Group Policy Behavior When a Computer or User is Moved in Active Directory
A question came up on Twitter the other day related to how Group Policy behaves on a given client when you move either the computer or user account in Active Directory. As we know, the Group Policy that applies to a computer or user is a function of what GPOs are...
ADMX File for Troubleshooting Group Policy
Well, it's been a while since I last blogged, and this is one I've been wanting to write for a while. A few months ago I was trying to troubleshoot why a GPMC backup was throwing errors on Windows Server Core 2012 and 2016. I had installed the GPMC PowerShell module...
The Attack of the Trojan GPOs
The story of the Trojan Horse is well known to everyone who has taken a history class. True or not, the story goes that the Greeks, in an effort to finally sack the city of Troy, construct a giant wooden horse with some of their top soldiers hidden inside. They wheel...
Understanding Group Policy Privilege Escalation in CVE-2020-1317
Earlier this month, Microsoft released an advisory for CVE-2020-1317 which describes a privilege escalation vulnerability in Group Policy. This was further detailed by the discoverer of the vulnerability on the Cyberark website. The nature of this issue is interesting...