# GP And OU Enumeration

Group Policy provides the ability to manage configuration and changes easily and centrally in AD.

Allows configuration of, **Security settings, Registry-based policy settings, Group policy preferences like startup/shutdown/log-on/logoff scripts settings, Software installation, GPO can be abused for various attacks like privesc, backdoors, persistence etc**.

## GPO Enumeration

## PowerView

```c
Get-NetGPO
Get-NetGPO | Select displayname
Get-NetGPO -ComputerName dcorpstudent1.dollarcorp.moneycorp.local

#Get GPO(s) which use Restricted Groups or groups.xml for interesting
users
Get-NetGPOGroup


#Get users which are in a local group of a machine using GPO
Find-GPOComputerAdmin –Computername dcorpstudent1.dollarcorp.moneycorp.local



#Get machines where the given user is member of a specific group
Find-GPOLocation -UserName student1 -Verbose 


```

## ActiveDirectoryPowerShell module

```c
#Get list of GPO in current domain
Get-GPO -All
Get-GPResultantSetOfPolicy -ReportType Html -Path C:\Users\Administrator\report.html

gpresult /r
gpresult /r /v
```

## OU Enumeration

## PowerView

```c
#Get OUs in a domain
Get-NetOU
Get-NetOU -FullData



#Get GPO applied on an OU. Read GPOname from gplink attribute from Get-NetOU
Get-NetGPO -GPOname "{AB306569-220D-43FF-B03B83E8F4EF8081}"

```

## ActiveDirectoryPowerShell module

```c
#Get OUs in a domain
Get-ADOrganizationalUnit -Filter * -Properties * 


#Get GPO applied on an OU. Read GPOname from gplink attribute from Get-NetOU
Get-GPO -Guid AB306569-220D-43FF-B03B-83E8F4EF8081 
```