GP And OU Enumeration

Group Policy provides the ability to manage configuration and changes easily and centrally in AD.

It allows configuration of security settings, registry-based policy settings, Group Policy preferences such as startup/shutdown/log-on/logoff script settings, and software installation. GPOs can be abused for various attacks such as privilege escalation, backdoors, persistence, etc.

GPO Enumeration

PowerView

Get-NetGPO
Get-NetGPO | Select displayname
Get-NetGPO -ComputerName dcorpstudent1.dollarcorp.moneycorp.local

#Get GPO(s) which use Restricted Groups or groups.xml for interesting users
Get-NetGPOGroup


#Get users which are in a local group of a machine using GPO
Find-GPOComputerAdmin -ComputerName dcorpstudent1.dollarcorp.moneycorp.local



#Get machines where the given user is member of a specific group
Find-GPOLocation -UserName student1 -Verbose 

ActiveDirectoryPowerShell module

#Get list of GPO in current domain
Get-GPO -All
Get-GPResultantSetOfPolicy -ReportType Html -Path C:\Users\Administrator\report.html

gpresult /r
gpresult /r /v

OU Enumeration

PowerView

#Get OUs in a domain
Get-NetOU
Get-NetOU -FullData



#Get GPO applied on an OU. Read GPOname from gplink attribute from Get-NetOU
Get-NetGPO -GPOname "{AB306569-220D-43FF-B03B-83E8F4EF8081}"

ActiveDirectoryPowerShell module

#Get OUs in a domain
Get-ADOrganizationalUnit -Filter * -Properties * 



#Get GPO applied on an OU. Read GPOname from gplink attribute from Get-NetOU
Get-GPO -Guid AB306569-220D-43FF-B03B-83E8F4EF8081 
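
Reading the GPO GUID out of gplink by hand gets error-prone once an OU has several links, so the following added example (not part of the original page) parses a gPLink value into one object per linked GPO, including the link flags an auditor needs to see which links are disabled or enforced. The function name ConvertFrom-GPLink is hypothetical, and the sample string is constructed from the GUID and domain name used on this page plus a made-up second GUID.

```powershell
# Added example: ConvertFrom-GPLink is a hypothetical helper, not a PowerView or RSAT cmdlet.
function ConvertFrom-GPLink {
    [CmdletBinding()]
    param(
        # Raw gPLink value; an OU with no linked GPO yields an empty string and no output.
        [Parameter(ValueFromPipeline)]
        [string]$GPLink
    )
    process {
        # Each link is stored as [LDAP://cn={GUID},cn=policies,cn=system,DC=...;N]
        $pattern = '\[LDAP://cn=\{(?<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}[^;\]]*;(?<opt>\d+)\]'
        $position = 0
        foreach ($m in [regex]::Matches($GPLink, $pattern, 'IgnoreCase')) {
            $position++
            $opt = [int]$m.Groups['opt'].Value
            [pscustomobject]@{
                Position = $position                       # order inside the attribute
                Guid     = [guid]$m.Groups['guid'].Value   # value to pass to Get-GPO -Guid
                Disabled = [bool]($opt -band 1)            # bit 0: link disabled
                Enforced = [bool]($opt -band 2)            # bit 1: link enforced
            }
        }
    }
}

# Constructed sample: one normal link and one enforced link.
$sample = '[LDAP://cn={AB306569-220D-43FF-B03B-83E8F4EF8081},cn=policies,cn=system,DC=dollarcorp,DC=moneycorp,DC=local;0]' +
          '[LDAP://cn={11111111-2222-3333-4444-555555555555},cn=policies,cn=system,DC=dollarcorp,DC=moneycorp,DC=local;2]'

ConvertFrom-GPLink $sample | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADOrganizationalUnit -Filter * -Properties gPLink | ForEach-Object {
#     $ou = $_.DistinguishedName
#     ConvertFrom-GPLink $_.gPLink | Select-Object @{n='OU';e={$ou}}, Guid, Disabled, Enforced
# }
```

Enforced links are worth reviewing first, since they override Block Inheritance on child OUs.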
