SharpHound
IsAdmin from group policy preferences does not account for Item Level Targeting
SharpHound does not account for Item Level Targeting when collecting local group membership collection from GPOs linked to OUs.
A Group Policy Preference in a GPO can add groups or users into the local administrators group only if the host has a matching NETBIOS name or is a member of an AD group.
I know it will be impossible for SharpHound to account for some item level targeting options such as WMI, but I believe ones that are likely used for managing local groups can, such as hostname, OU and security group membership.
Item level targeting details: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v=ws.11)
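To illustrate the gap described in this issue, here is an added example (not SharpHound code and not part of the original thread) that reads a GPP `Groups.xml` and decides, per host, whether an ADD to the local Administrators group applies once hostname, security group and OU targeting are considered. The XML sample is constructed, the element and attribute names and the left-to-right AND/OR evaluation are assumptions about the GPP format, and the OU check treats hosts in nested OUs as matches.

```python
import xml.etree.ElementTree as ET
ADMINS_SID = "S-1-5-32-544"  # BUILTIN\Administrators
# Constructed sample. Element/attribute names are assumed from the GPP Groups.xml layout.
SAMPLE = r"""<Groups>
  <Group><Properties action="U" groupSid="S-1-5-32-544">
      <Members><Member name="CORP\HelpDesk" action="ADD"/></Members></Properties>
    <Filters>
      <FilterComputer bool="AND" not="0" type="NETBIOS" name="WS01"/>
      <FilterGroup bool="OR" not="0" name="CORP\Kiosks" sid="S-1-5-21-1-2-3-2201" userContext="0"/>
    </Filters></Group>
  <Group><Properties action="U" groupSid="S-1-5-32-544">
      <Members><Member name="CORP\SrvOps" action="ADD"/></Members></Properties>
    <Filters><FilterWmi bool="AND" not="0"/></Filters></Group>
</Groups>"""

def _match(f, host):
    """True/False for a filter decidable from AD data, None otherwise."""
    if f.get("userContext") == "1":
        return None  # evaluated against the logged-on user, not the computer
    if f.tag == "FilterComputer" and f.get("type") == "NETBIOS":
        hit = f.get("name", "").upper() == host["netbios"].upper()
    elif f.tag == "FilterGroup":
        hit = f.get("sid") in host["group_sids"]
    elif f.tag == "FilterOrgUnit":
        hit = host["dn"].upper().endswith("," + f.get("name", "").upper())
    else:
        return None  # WMI and other filters need data from the host itself
    return hit != (f.get("not") == "1")  # not="1" inverts the result

def targeting(filters, host):
    """Combine filters left to right using each item's bool (assumed semantics)."""
    result = True  # no <Filters> element: applies to every host in scope
    for i, f in enumerate(filters if filters is not None else []):
        m = _match(f, host)
        if m is None:
            return None  # one undecidable filter makes the whole verdict unknown
        result = (result or m) if i and f.get("bool") == "OR" else (result and m)
    return result

def local_admin_adds(xml_text, host):
    """[(member, verdict)]; verdict is True, False or None (cannot decide)."""
    out = []
    for g in ET.fromstring(xml_text).iter("Group"):
        props = g.find("Properties")
        if props is None or props.get("groupSid") != ADMINS_SID:
            continue
        verdict = targeting(g.find("Filters"), host)
        out += [(m.get("name"), verdict) for m in props.iter("Member") if m.get("action") == "ADD"]
    return out
```

A `None` verdict marks entries such as WMI-targeted ones that cannot be resolved from directory data alone, so they can be reported as uncertain rather than as definite admin rights.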
Hi @kitchung,
Thanks for pointing this out. I agree, it would be a very cool enhancement! We would definitely approve it if anyone made a pull request for this. If that does not happen, we should look into this someday.