TestimoX

API Reference

Class

LapsWindowsReadPermissionScanner

Edit on GitHub
Namespace ADPlayground.Computers
Assembly ADPlayground
Source ADPlayground/Computers/LapsWindowsReadPermissionScanner.cs:64
Modifiers static

Scans a sample of computer objects and projects principals that can read Windows LAPS secrets (msLAPS-Password/msLAPS-EncryptedPassword/msLAPS-PasswordExpirationTime) and DSRM LAPS secrets (msLAPS-EncryptedDSRMPassword/msLAPS-DSRMPasswordExpirationTime). Requires attribute-specific ReadProperty or ExtendedRight ACEs referencing the attribute GUIDs.

Inheritance

  • Object
  • LapsWindowsReadPermissionScanner

Methods

public static Snapshot Evaluate(String domainName, Int32 maxComputers = 300, IEnumerable<String> ignoreSids = null) #
ADPlayground/Computers/LapsWindowsReadPermissionScanner.cs:64
Returns: Snapshot

Scans a sample of computer objects and aggregates principals that can read Windows/DSRM LAPS attributes.

Parameters

domainName System.String requiredposition: 0
DNS domain name.
maxComputers System.Int32 = 300 optionalposition: 1
Maximum number of computers to sample.
ignoreSids System.Collections.Generic.IEnumerable{System.String} = null optionalposition: 2
Optional SIDs to ignore while aggregating.

Returns

Snapshot with principal tallies and representative examples.