API Reference

Class

GpoPermissionReporter

Edit on GitHub

Namespace ADPlayground.Gpo

Assembly ADPlayground

Source ADPlayground/Gpo/GpoPermissionReporter.cs:27

Modifiers static

Provides methods for reporting detailed ACL information for Group Policy Objects.

Inheritance

Object
GpoPermissionReporter

Methods

GetAces 2 overloads

public static List<GpoAceInfo> GetAces(String gpoDistinguishedName) #

ADPlayground/Gpo/GpoPermissionReporter.cs:27

Returns: List<GpoAceInfo>

Retrieves ACE details for the specified GPO distinguished name.

Parameters

gpoDistinguishedName System.String requiredposition: 0

public static List<GpoAceInfo> GetAces(Guid gpoId) #

ADPlayground/Gpo/GpoPermissionReporter.cs:38

Returns: List<GpoAceInfo>

Retrieves ACE details for a GPO by GUID.

Parameters

gpoId System.Guid requiredposition: 0

public static IEnumerable<GpoAceInfo> GetModifyDeleteAces(IEnumerable<GpoAceInfo> aces) #

ADPlayground/Gpo/GpoPermissionReporter.cs:85

Returns: IEnumerable<GpoAceInfo>

Filters ACEs granting modify or delete permissions.

Parameters

aces System.Collections.Generic.IEnumerable{ADPlayground.Gpo.GpoPermissionReporter.GpoAceInfo} requiredposition: 0

GetModifyDeleteRecommendations 4 overloads

public static IEnumerable<String> GetModifyDeleteRecommendations(IEnumerable<GpoAceInfo> aces, String gpoName) #

Returns: IEnumerable<String>

Generates remediation recommendations for ACEs with modify or delete rights.

Parameters

aces System.Collections.Generic.IEnumerable{ADPlayground.Gpo.GpoPermissionReporter.GpoAceInfo} requiredposition: 0: Collection of ACEs.
gpoName System.String requiredposition: 1: Display name or distinguished name of the GPO.

Returns

Recommendations describing risky permissions.

public static IEnumerable<String> GetModifyDeleteRecommendations(String sddl, String gpoName) #

ADPlayground/Gpo/GpoPermissionReporter.cs:107

Returns: IEnumerable<String>

Convenience overload that parses an SDDL string.

Parameters

sddl System.String requiredposition: 0: Security descriptor for the GPO.
gpoName System.String requiredposition: 1: Display name or distinguished name of the GPO.

public static IEnumerable<String> GetModifyDeleteRecommendations(String gpoDistinguishedName) #

ADPlayground/Gpo/GpoPermissionReporter.cs:115

Returns: IEnumerable<String>

Retrieves modify/delete recommendations for a specific GPO.

Parameters

gpoDistinguishedName System.String requiredposition: 0: Distinguished name of the GPO.

public static IEnumerable<String> GetModifyDeleteRecommendations(Guid gpoId) #

ADPlayground/Gpo/GpoPermissionReporter.cs:123

Returns: IEnumerable<String>

Retrieves modify/delete recommendations for a GPO by GUID.

Parameters

gpoId System.Guid requiredposition: 0: GPO GUID.

public static GpoModifyDeleteSummary GetSummary(String domainName) #

ADPlayground/Gpo/GpoPermissionReporter.cs:151

Returns: GpoModifyDeleteSummary

Gets a summary of modify/delete ACE counts for a domain.

Parameters

domainName System.String requiredposition: 0: Domain name to analyze.

Returns

Summary with total modify/delete ACE count.

public static List<GpoAceInfo> ParseAces(String sddl) #

ADPlayground/Gpo/GpoPermissionReporter.cs:66

Returns: List<GpoAceInfo>

Parses ACEs from an SDDL string.

Parameters

sddl System.String requiredposition: 0

public static Void ReportDomain(String domainName) #

ADPlayground/Gpo/GpoPermissionReporter.cs:130

Returns: Void

Reports permissions for all GPOs in the specified domain.

Parameters

domainName System.String requiredposition: 0

Inheritance

Methods

Parameters

Parameters

Parameters

Parameters

Returns

Parameters

Parameters

Parameters

Parameters

Returns

Parameters

Parameters

Inherited Methods

Parameters