TestimoX

API Reference

Struct

GpoAclFinding

Edit on GitHub
Namespace ADPlayground.Gpo
Assembly ADPlayground
Source ADPlayground/Gpo/GpoAclAnalyzer.cs:233
Base ValueType
Modifiers sealed

Represents a finding of non-admin write access on a GPO.

Inheritance

  • ValueType
  • GpoAclFinding

Usage

This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.

Returned or exposed by

Accepted by parameters

Constructors

GpoAclFinding 2 overloads
public GpoAclFinding(String gpoName, String identity, String sid, ActiveDirectoryRights rights, IdentityType identityType, Boolean isInherited, Boolean isApplyGroupPolicy) #
ADPlayground/Gpo/GpoAclAnalyzer.cs:233

Initializes a new instance of the GpoAclFinding struct.

Parameters

gpoName System.String requiredposition: 0
GPO display name.
identity System.String requiredposition: 1
Resolved identity (DN or SID).
sid System.String requiredposition: 2
SID with write rights.
rights System.DirectoryServices.ActiveDirectoryRights requiredposition: 3
Granted rights.
identityType ADPlayground.Identity.IdentityType requiredposition: 4
Type of account.
isInherited System.Boolean requiredposition: 5
Indicates whether the ACE is inherited.
isApplyGroupPolicy System.Boolean requiredposition: 6
True when the principal also has the Apply Group Policy right on the GPO link scope.
public GpoAclFinding(String gpoName, String identity, String sid, ActiveDirectoryRights rights, IdentityType identityType, Boolean isInherited, Boolean isApplyGroupPolicy, Nullable<Guid> objectTypeGuid, String objectTypeName) #
ADPlayground/Gpo/GpoAclAnalyzer.cs:254

Initializes a new instance with extended-right/object-type context.

Parameters

gpoName System.String requiredposition: 0
identity System.String requiredposition: 1
sid System.String requiredposition: 2
rights System.DirectoryServices.ActiveDirectoryRights requiredposition: 3
identityType ADPlayground.Identity.IdentityType requiredposition: 4
isInherited System.Boolean requiredposition: 5
isApplyGroupPolicy System.Boolean requiredposition: 6
objectTypeGuid System.Nullable{System.Guid} requiredposition: 7
objectTypeName System.String requiredposition: 8

Properties

public String GpoName { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:263

Gets the GPO display name.

public String Identity { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:268

Gets the identity SID granted access.

public String Sid { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:273

Gets the SID that was granted access.

public ActiveDirectoryRights Rights { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:278

Gets the granted rights.

public IdentityType IdentityType { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:283

Gets the type of account.

public Boolean IsInherited { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:288

Gets a value indicating whether the ACE is inherited.

public Boolean IsApplyGroupPolicy { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:292

True when the ACE grants the "Apply Group Policy" extended right.

public Nullable<Guid> ObjectTypeGuid { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:297

When present, indicates the objectType GUID the ACE targets (schema attribute/extended right).

public String ObjectTypeName { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:302

Resolved friendly name for ObjectTypeGuid from schema/extended rights.

public String GpoDistinguishedName { get; set; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:306

GPO distinguished name.

public String OwnerSid { get; set; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:308

Owner SID of the GPO object.

public String OwnerName { get; set; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:310

Owner friendly name of the GPO object.

public Boolean OwnerTrusted { get; set; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:312

True when the owner is a trusted/expected GPO owner (e.g., Domain Admins, GPCO, BUILTIN\Administrators).