6️⃣ACLs Enumeration
Get the ACL's associated with the specified object
Get-ObjectACL -SamAccountName <accountname> -ResolveGUIDS
Get the ACL's associated with the specified prefix to be used for search
Get-ObjectACL -ADSprefix ‘CN=Administrator,CN=Users’ -Verbose
Get the ACL's associated with the specified path
Get-PathAcl -Path \\<Domain controller>\sysvol
Search for interesting ACL's
Invoke-ACLScanner -ResolveGUIDs
Invoke-ACLScanner -ResolveGUIDs | select IdentityReference, ObjectDN, ActiveDirectoryRights | fl
Search of interesting ACL's for the current user
Invoke-ACLScanner | Where-Object {$_.IdentityReference –eq [System.Security.Principal.WindowsIdentity]::GetCurrent().Name}
Last updated
Was this helpful?