Quirks in Restricted Groups Policy on AD Groups
About a year ago, I posted about the perils of granting someone write access on the Active Directory Domain NC "head" object, and how you could use that and some
Understanding the Registry Policy Archive File
One of the advantages of messing around with Group Policy since before it shipped, is that there is a lot of stuff rattling around in my head that I've been
Hijacking Administrative Templates
As I think about Group Policy as a target for attackers, there are many obvious avenues to take advantage of a poorly protected GP infrastructure. I've written about many of
What Does Group Policy Do When It Can’t Contact a DC?
The title of this blog tells it all. I got asked the question--what happens to GP processing when a client machine isn't on the network and can't connect to it's
Sending GPOs Down the Wrong Track–Redirecting the GPT
At this blog title implies, this is a bit of a science experiment. Many years ago I played around with this idea that, there is nothing in the GP infrastructure
Group Policy Security– Tinkering with External Paths
If you've been following this blog, you know that about 2 and half years ago, I started talking about Group Policy's precarious role in the typical enterprise's security posture. Many,
Speaking in Chicago Next Month!
Hey folks! Just a quick note that I'm giving a talk next month in Chicago. This is a follow-on to the Semperis Hybrid Identity Protection (HIP) Conference that I spoke