Extend Tier0 assets to non-group objects

Open furmelade opened this issue 2 years ago • 3 comments

Hi, so far the T0 list is limited to group objects, but i'd suggest to extend it to several built-in objects which should always considered T0, such as:

Domain root object
AdminSDHolder object
TrustedDomain objects
krbtgt user account
RID-500 account
AAD Connect object(s)

Even possibly extending it to whole OUs and GPOs.

Let me know what you think, cheers

Jun 23 '23 06:06 furmelade

Hi @furmelade,

Thank you for your suggestions! :) I agree that all the assets you listed here should be part of Tier Zero.

Are you interested in making a pull request?

Jun 27 '23 10:06 JonasBK

Hi @JonasBK sure, i will create a pull request (and maybe add some more stuff) in the next couple days.

Jun 28 '23 05:06 furmelade

Awesome - Thanks @furmelade! :)

Jun 28 '23 11:06 JonasBK