l02-GPOEnum.md

Hands-On 2: GPO Enumeration

• Hands-On 2: GPO Enumeration
  • Tasks
  • Enumerate Restricted Groups from GPO
  • Enumerate Membership of the restricted groups
  • List all the OUs
  • List all the computers in the Students OU
  • List the GPOs
  • Enumerate GPO applied on the Students OU

---

Tasks

Enumerate following for the us.techcorp.local domain:

• Restricted Groups from GPO
• Membership of the restricted groups
• List all the OUs
• List all the computers in the Students OU.
• List the GPOs
• Enumerate GPO applied on the Students OU.

---

Enumerate Restricted Groups from GPO

Use PowerView:

Get-DomainGPOLocalGroup

---

Enumerate Membership of the restricted groups

Get-DomainGroupMember us\machineadmins

---

List all the OUs

Use PowerView:

Get-DomainOU | Select DistinguishedName

---

List all the computers in the Students OU

(Get-DomainOU -Identity 'OU=Students,DC=us,DC=techcorp,DC=local').distinguishedname | %{Get-DomainComputer -SearchBase $_} | Select dnshostname

---

List the GPOs

Get-DomainGPO

---

Enumerate GPO applied on the Students OU

First get the gplink attribute of the Student OU:

Get-DomainOU | Where-Object {$_.name -Like "*Student*"}

• {FCE16496-C744-4E46-AC89-2D01D76EAD68}

Then list the GPO applied on the Students OU:

Get-DomainGPO -Identity '{FCE16496-C744-4E46-AC89-2D01D76EAD68}'

---