TestimoX

API Reference

Class

GpoDelegationAnalyzer

Edit on GitHub
Namespace ADPlayground.Delegation
Assembly ADPlayground
Source ADPlayground/Delegation/GpoDelegationAnalyzer.cs:24
Modifiers static

Convenience analyzer for GPO delegation breadth and non-admin exposure. Provides filtered views to avoid duplicating logic in callers.

Inheritance

  • Object
  • GpoDelegationAnalyzer

Methods

public static GpoDelegationView GetEveryoneApplyView(String domainName) #
ADPlayground/Delegation/GpoDelegationAnalyzer.cs:71
Returns: GpoDelegationView

Returns a typed view of GPOs where Everyone has Apply Group Policy permission.

Parameters

domainName System.String requiredposition: 0
DNS domain name.
public static IReadOnlyList<GpoAclExposureRecord> GetIndirectGroupWriteRecords(String domainName) #
ADPlayground/Delegation/GpoDelegationAnalyzer.cs:45
Returns: IReadOnlyList<GpoAclExposureRecord>

Returns non-admin write records where the identity is a group (indirect exposure).

Parameters

domainName System.String requiredposition: 0
DNS domain name.
public static GpoDelegationView GetIndirectGroupWriteView(String domainName) #
ADPlayground/Delegation/GpoDelegationAnalyzer.cs:63
Returns: GpoDelegationView

Returns a typed view of group-based non-admin write records.

Parameters

domainName System.String requiredposition: 0
public static Int32 GetNonAdminWriteCount(String domainName) #
ADPlayground/Delegation/GpoDelegationAnalyzer.cs:54
Returns: Int32

Counts non-admin write records.

Parameters

domainName System.String requiredposition: 0
DNS domain name.
public static IReadOnlyList<GpoAclExposureRecord> GetNonAdminWriteRecords(String domainName) #
ADPlayground/Delegation/GpoDelegationAnalyzer.cs:24
Returns: IReadOnlyList<GpoAclExposureRecord>

Returns GPO ACL exposure records where non-privileged identities have write permissions.

Parameters

domainName System.String requiredposition: 0
DNS domain name.
public static GpoDelegationView GetNonAdminWriteView(String domainName) #
ADPlayground/Delegation/GpoDelegationAnalyzer.cs:59
Returns: GpoDelegationView

Returns a typed view of non-admin write records.

Parameters

domainName System.String requiredposition: 0