6️⃣ACLs Enumeration

Get-ObjectACL -SamAccountName <accountname> -ResolveGUIDS

Get-ObjectACL -ADSprefix ‘CN=Administrator,CN=Users’ -Verbose

Get-PathAcl -Path \\<Domain controller>\sysvol

Invoke-ACLScanner -ResolveGUIDs
Invoke-ACLScanner -ResolveGUIDs | select IdentityReference, ObjectDN, ActiveDirectoryRights | fl

Invoke-ACLScanner | Where-Object {$_.IdentityReference –eq [System.Security.Principal.WindowsIdentity]::GetCurrent().Name}

Last updated 1 year ago

Get-ObjectACL -SamAccountName <accountname> -ResolveGUIDS

Get-ObjectACL -ADSprefix ‘CN=Administrator,CN=Users’ -Verbose

Get-PathAcl -Path \\<Domain controller>\sysvol

Invoke-ACLScanner -ResolveGUIDs
Invoke-ACLScanner -ResolveGUIDs | select IdentityReference, ObjectDN, ActiveDirectoryRights | fl

Invoke-ACLScanner | Where-Object {$_.IdentityReference –eq [System.Security.Principal.WindowsIdentity]::GetCurrent().Name}

Last updated 1 year ago