gpedit.msc
Local Group Policy Editor
Manage
Local Group Policy Editor for a computer
gpedit.msc /gpcomputer: DC1.ad.bitsadmin.com
Usecases
- Add evil startup script
- Weaken security as a backdoor
- Open ports in the firewall
Comments
- Quotes around the hostname or, if no quotes are used, a space before the hostname seem to be required
- Through SMB edits files in \\DC1.ad.bitsadmin.com\ADMIN$\GroupPolicy (= %SystemRoot%\System32\GroupPolicy)
Domain
Local Group Policy Editor for a computer
gpedit.msc /gpobject:"LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ad,DC=bitsadmin,DC=com"
Usecase
Execute immediate scheduled tasks on machines to launch implant
Comments
- The example edits the Default Domain Policy; change the GUID to edit other policies
- Through SMB edits files in \\ad.bitsadmin.com\SYSVOL\{GUID} (= %SystemRoot%\Sysvol\sysvol\ad.bitsadmin.com by default) on the DC
Mitre Att&ck
Detection
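The following is an added example, not part of the original page or the project it belongs to: a command-line classifier that flags gpedit.msc launches focused on a remote computer (/gpcomputer:) or a domain GPO (/gpobject:), in both the quoted and space-separated forms noted in the comments above. The record field names (host, user, cmdline) and the sample records are constructed assumptions standing in for process-creation telemetry.

```python
import re

# Remote-focus switches exactly as they appear on this page.
GPCOMPUTER = re.compile(r'/gpcomputer:\s*"?([^"\s]+)', re.I)
GPOBJECT = re.compile(r'/gpobject:\s*"?LDAP://CN=(\{[0-9A-F-]{36}\})', re.I)
# GUID the page identifies as the Default Domain Policy.
KNOWN_GPOS = {"{31B2F340-016D-11D2-945F-00C04FB984F9}": "Default Domain Policy"}

def classify(cmdline):
    """Return (kind, target) when gpedit.msc is focused on a remote computer
    or a domain GPO; return None for a plain local launch or unrelated process."""
    if "gpedit.msc" not in cmdline.lower():
        return None
    m = GPOBJECT.search(cmdline)
    if m:
        guid = m.group(1).upper()
        return ("domain-gpo", KNOWN_GPOS.get(guid, guid))
    m = GPCOMPUTER.search(cmdline)
    if m:
        return ("remote-computer", m.group(1).lower())
    return None

def scan(events):
    """Return one finding per process-creation record that matches."""
    findings = []
    for ev in events:
        hit = classify(ev["cmdline"])
        if hit:
            findings.append({"host": ev["host"], "user": ev["user"],
                             "kind": hit[0], "target": hit[1]})
    return findings

# Constructed sample records (not real telemetry); field names are assumptions.
SAMPLE = [
    {"host": "WS01", "user": "AD\\alice",
     "cmdline": r'"C:\Windows\system32\mmc.exe" "C:\Windows\system32\gpedit.msc"'},
    {"host": "WS02", "user": "AD\\bob",
     "cmdline": r'mmc.exe gpedit.msc /gpcomputer: DC1.ad.bitsadmin.com'},
    {"host": "WS02", "user": "AD\\bob",
     "cmdline": r'mmc.exe gpedit.msc /gpcomputer:"DC1.ad.bitsadmin.com"'},
    {"host": "WS03", "user": "AD\\carol",
     "cmdline": r'mmc.exe gpedit.msc /gpobject:"LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ad,DC=bitsadmin,DC=com"'},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Local launches without a focus switch are deliberately not flagged, so the output highlights only workstations editing policy on another machine or in the domain.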