TestimoX

API Reference

Class

NetlogonVulnerableChannelAllowListEvaluator

Namespace ADPlayground.Gpo
Assembly ADPlayground
Modifiers static

Evaluates the Netlogon vulnerable-channel allow-list introduced for legacy Zerologon compatibility. Accounts granted Allow entries in this descriptor may use Netlogon without secure RPC and are exposed to Onelogon-style account takeover.

Inheritance

  • Object
  • NetlogonVulnerableChannelAllowListEvaluator

Methods

public static NetlogonVulnerableChannelAllowListView EvaluateForDomainControllers(String domainName) #
Returns: NetlogonVulnerableChannelAllowListView

Evaluates the effective allow-list policy for domain controllers.

Parameters

domainName System.String requiredposition: 0
DNS name of the domain.

Returns

A parsed view of the configured security descriptor and allow entries.

public static String FormatEffectiveDisplay(String securityDescriptor) #
Returns: String

Formats the effective registry value for reports.

Parameters

securityDescriptor System.String requiredposition: 0
Security descriptor in SDDL form.

Returns

Human-friendly state for attribution rows.

public static NetlogonVulnerableChannelAllowListView FromSecurityDescriptor(String securityDescriptor, IReadOnlyList<GpoRef> sources = null) #
Returns: NetlogonVulnerableChannelAllowListView

Builds a parsed view from an SDDL security descriptor. Intended for tests and callers that already read the value.

Parameters

securityDescriptor System.String requiredposition: 0
Security descriptor in SDDL form.
sources System.Collections.Generic.IReadOnlyList{ADPlayground.Gpo.GpoRef} = null optionalposition: 1
Optional GPO source attribution.

Returns

A parsed allow-list view.