GPLink

The GPLink relationship connects a Group Policy Object (GPO) to an AD domain or organizational unit (OU) it is linked to. The GPO’s settings apply to AD accounts (users and computers) within that domain or OU. The Enforced property on the edge indicates whether the GPO link is enforced, meaning it still applies if an OU has blocked GPO inheritance.

Abuse Info

Control over the GPO can be abused to compromise the AD accounts the GPO applies to by modifying the GPO policy settings. Refer to A Red Teamer’s Guide to GPOs and OUs for details about the abuse technique, and check out the following tools for practical exploitation:

Windows: SharpGPOAbuse
Linux: pyGPOAbuse

Opsec Considerations

There is no opsec information for this edge.

Edge Schema

Source: GPO
Destination: Domain, OU
Traversable: Yes

References

A Red Teamer’s Guide to GPOs and OUs
GitHub: SharpGPOAbuse
GitHub: pyGPOAbuse

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

Abuse Info

Opsec Considerations

Edge Schema

References

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

​Abuse Info

​Opsec Considerations

​Edge Schema

​References

Abuse Info

Opsec Considerations

Edge Schema

References