Skip to main content

Documentation Index

Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt

Use this file to discover all available pages before exploring further.

Applies to BloodHound Enterprise and CE The GPLink relationship connects a Group Policy Object (GPO) to an AD domain or organizational unit (OU) it is linked to. The GPO’s settings apply to AD accounts (users and computers) within that domain or OU. The Enforced property on the edge indicates whether the GPO link is enforced, meaning it still applies if an OU has blocked GPO inheritance.

Abuse Info

Control over the GPO can be abused to compromise the AD accounts the GPO applies to by modifying the GPO policy settings. Refer to A Red Teamer’s Guide to GPOs and OUs for details about the abuse technique, and check out the following tools for practical exploitation:

Opsec Considerations

There is no opsec information for this edge.

Edge Schema

Source: GPO
Destination: Domain, OU
Traversable: Yes

References