You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SharpHound does not account for Item Level Targetting when collecting local group membership collection from GPOs linked to OUs,
Group Policy Preference in a GPO can add groups or users into local administrators group only if the host has a matching NETBIOS name or member of an AD group.
I know it will be impossible for SharpHound to account for some item level targeting options such as WMI, but I believe ones that are likely used for managing local groups can, such as hostname, OU and security group membership.
Thanks for pointing this out. I agree, it would be a very cool enhancement!
We would definitely approve it if anyone made a pull request for this. If that does not happen, we should look into this someday.
SharpHound does not account for Item Level Targetting when collecting local group membership collection from GPOs linked to OUs,
Group Policy Preference in a GPO can add groups or users into local administrators group only if the host has a matching NETBIOS name or member of an AD group.
I know it will be impossible for SharpHound to account for some item level targeting options such as WMI, but I believe ones that are likely used for managing local groups can, such as hostname, OU and security group membership.
Item level targeting details:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v=ws.11)
The text was updated successfully, but these errors were encountered: