TestimoX

API Reference

Struct

GpoAclFinding

Edit on GitHub
Namespace ADPlayground.Gpo
Assembly ADPlayground
Source ADPlayground/Gpo/GpoAclAnalyzer.cs:217
Base ValueType
Modifiers sealed

Represents a finding of non-admin write access on a GPO.

Inheritance

  • ValueType
  • GpoAclFinding

Constructors

GpoAclFinding 2 overloads
public GpoAclFinding(String gpoName, String identity, String sid, ActiveDirectoryRights rights, IdentityType identityType, Boolean isInherited, Boolean isApplyGroupPolicy) #
ADPlayground/Gpo/GpoAclAnalyzer.cs:217

Initializes a new instance of the GpoAclFinding struct.

Parameters

gpoName System.String requiredposition: 0
GPO display name.
identity System.String requiredposition: 1
Resolved identity (DN or SID).
sid System.String requiredposition: 2
SID with write rights.
rights System.DirectoryServices.ActiveDirectoryRights requiredposition: 3
Granted rights.
identityType ADPlayground.Identity.IdentityType requiredposition: 4
Type of account.
isInherited System.Boolean requiredposition: 5
Indicates whether the ACE is inherited.
isApplyGroupPolicy System.Boolean requiredposition: 6
True when the principal also has the Apply Group Policy right on the GPO link scope.
public GpoAclFinding(String gpoName, String identity, String sid, ActiveDirectoryRights rights, IdentityType identityType, Boolean isInherited, Boolean isApplyGroupPolicy, Nullable<Guid> objectTypeGuid, String objectTypeName) #
ADPlayground/Gpo/GpoAclAnalyzer.cs:238

Initializes a new instance with extended-right/object-type context.

Parameters

gpoName System.String requiredposition: 0
identity System.String requiredposition: 1
sid System.String requiredposition: 2
rights System.DirectoryServices.ActiveDirectoryRights requiredposition: 3
identityType ADPlayground.Identity.IdentityType requiredposition: 4
isInherited System.Boolean requiredposition: 5
isApplyGroupPolicy System.Boolean requiredposition: 6
objectTypeGuid System.Nullable{System.Guid} requiredposition: 7
objectTypeName System.String requiredposition: 8

Properties

public String GpoName { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:247

Gets the GPO display name.

public String Identity { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:252

Gets the identity SID granted access.

public String Sid { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:257

Gets the SID that was granted access.

public ActiveDirectoryRights Rights { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:262

Gets the granted rights.

public IdentityType IdentityType { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:267

Gets the type of account.

public Boolean IsInherited { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:272

Gets a value indicating whether the ACE is inherited.

public Boolean IsApplyGroupPolicy { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:276

True when the ACE grants the "Apply Group Policy" extended right.

public Nullable<Guid> ObjectTypeGuid { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:281

When present, indicates the objectType GUID the ACE targets (schema attribute/extended right).

public String ObjectTypeName { get; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:286

Resolved friendly name for ObjectTypeGuid from schema/extended rights.

public String GpoDistinguishedName { get; set; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:290

GPO distinguished name.

public String OwnerSid { get; set; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:292

Owner SID of the GPO object.

public String OwnerName { get; set; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:294

Owner friendly name of the GPO object.

public Boolean OwnerTrusted { get; set; } #
ADPlayground/Gpo/GpoAclAnalyzer.cs:296

True when the owner is a trusted/expected GPO owner (e.g., Domain Admins, GPCO, BUILTIN\Administrators).