Edges
GPLink
A linked GPO applies its settings to objects in the linked container.
The GPLink relationship connects a Group Policy Object (GPO) to an AD domain or organizational unit (OU) it is linked to.
The GPO’s settings apply to AD accounts (users and computers) within that domain or OU.
The Enforced property on the edge indicates whether the GPO link is enforced, meaning it still applies if an OU has blocked GPO inheritance.
Abuse Info
Control over the GPO can be abused to compromise the AD accounts the GPO applies to by modifying the GPO policy settings.
Refer to A Red Teamer’s Guide to GPOs and OUs for details about the abuse technique, and check out the following tools for practical exploitation:
- Windows: SharpGPOAbuse
- Linux: pyGPOAbuse
Opsec Considerations
There is no opsec information for this edge.