API Reference
DelegationOptions
Options to control which ACEs are considered risky when analyzing privileged group delegation.
Inheritance
- Object
- DelegationOptions
Constructors
public DelegationOptions() #Inherited Methods
Properties
public Boolean IgnoreInherited { get; set; } #Ignore inherited ACEs. Defaults to true (focus on explicit assignments).
public Boolean IgnoreDnsAdmins { get; set; } #Ignore the domain's DnsAdmins group. Defaults to true.
public HashSet<String> IgnoreSids { get; set; } #Additional SIDs (string format) to ignore.
public Boolean IgnoreAuthenticatedUsers { get; set; } #Ignore the well-known Authenticated Users SID (S-1-5-11). Defaults to true.
public Boolean IgnoreDomainComputers { get; set; } #Ignore the domain's Domain Computers group (RID 515). Defaults to true.
public Boolean IgnoreDomainUsers { get; set; } #Ignore the domain's Domain Users group (RID 513). Defaults to true.
public Boolean IgnoreEveryone { get; set; } #Ignore the Everyone well-known SID (S-1-1-0). Defaults to true.
public Nullable<Int32> MaxOusToAnalyze { get; set; } #Optional maximum number of OUs to analyze. When set, analysis stops after this many OUs. Defaults to unlimited.
public Nullable<Int32> TimeBudgetMs { get; set; } #Optional wall-clock time budget in milliseconds for OU analysis. When exceeded, remaining OUs are skipped. Defaults to unlimited.
public Int32 MaxDegreeOfParallelism { get; set; } #Maximum degree of parallelism for OU ACL reads. Defaults to 4.