Select Page

Test Page

The GPOGUY Group Policy FAQ

Quirks in Restricted Groups Policy on AD Groups

About a year ago, I posted about the perils of granting someone write access on the Active Directory Domain NC "head" object, and how you could use that and some

Understanding the Registry Policy Archive File

One of the advantages of messing around with Group Policy since before it shipped, is that there is a lot of stuff rattling around in my head that I've been

Hijacking Administrative Templates

As I think about Group Policy as a target for attackers, there are many obvious avenues to take advantage of a poorly protected GP infrastructure. I've written about many of

What Does Group Policy Do When It Can’t Contact a DC?

The title of this blog tells it all. I got asked the question--what happens to GP processing when a client machine isn't on the network and can't connect to it's

Sending GPOs Down the Wrong Track–Redirecting the GPT

At this blog title implies, this is a bit of a science experiment. Many years ago I played around with this idea that, there is nothing in the GP infrastructure

Group Policy Security– Tinkering with External Paths

If you've been following this blog, you know that about 2 and half years ago, I started talking about Group Policy's precarious role in the typical enterprise's security posture. Many,

Speaking in Chicago Next Month!

Hey folks! Just a quick note that I'm giving a talk next month in Chicago. This is a follow-on to the Semperis Hybrid Identity Protection (HIP) Conference that I spoke