6️⃣ACLs Enumeration
Get the ACL's associated with the specified object
Get-ObjectACL -SamAccountName <accountname> -ResolveGUIDSGet the ACL's associated with the specified prefix to be used for search
Get-ObjectACL -ADSprefix ‘CN=Administrator,CN=Users’ -VerboseGet the ACL's associated with the specified path
Get-PathAcl -Path \\<Domain controller>\sysvolSearch for interesting ACL's
Invoke-ACLScanner -ResolveGUIDs
Invoke-ACLScanner -ResolveGUIDs | select IdentityReference, ObjectDN, ActiveDirectoryRights | flSearch of interesting ACL's for the current user
Invoke-ACLScanner | Where-Object {$_.IdentityReference –eq [System.Security.Principal.WindowsIdentity]::GetCurrent().Name}Last updated
Was this helpful?