

Philip Elder
10.3K posts

@MPECSInc
Microsoft MVP '09-Present. We design & build HA solutions for on-premises, data centre, & hybrid. Workload Migration Specialists. Active Directory Security.




There's another logon script abuse that I found on a recent internal pentest. Wasn't able to abuse this due to not having the required permissions on NETLOGON.; Here's what it is... 1) A logon script is defined in a user(s) scriptPath attribute 2) but it doesn't exist anywhere in NETLOGON 3) and the attacker has the ability to create the logon script somewhere in NETLOGON Here's some of my logon script research from a few years ago 👇 offsec.blog/hidden-menace-…








ACTIVE DIRECTORY: USE GROUP POLICY! SCRIPTS ARE SO NT4! To deal with logon scripts we can use: - Group Policy Objects and OU Structure -- Deploy almost all software via .MSI -- Printer deployment in Active Directory --- Computer/Machine targeted for us -- Windows Firewall 3 Profiles ON -- Windows Firewall Logging ON -- Windows Firewall Protocol Exception Pop-Up ON - User Security Environment -- Fine tune access to all Forest/Domain resources! - Group Policy for Operating System Settings -- WMI Filtering FTW - Group Policy Preferences -- Enable Extensions and Hidden Items -- Create Folders on user's systems -- Create Folders on RD Farm Session Hosts -- Item Level Targeting for Preferences And so much more! I personally can't think of _one_ reason to use a script over Group Policy Object setup and Group Policy Preferences setup.

@MPECSInc “It’s the way we’ve always done it”


@MPECSInc “It’s the way we’ve always done it”










Active Directory security features a lot of people still don’t know about, despite being around forever: - LAPS - Fine-grained password policy - Managed Service Accounts - Authentication Policies & Silos


EU tryna revive chat control? 😳🤔

"I only took 3 days to build SAAS with 0 coding knowledge using AI. Developers are obsolete." Their build: