Verify Sensitive GPO Objects and Files Permissions

critical

Description

Group Policy Objects (GPOs) configure Windows systems and perform tasks with a high level of privilege. For that reason, only legitimate administrative accounts should manage GPOs linked to sensitive containers, such as the ones containing administrators or domain controllers.

Solution

Permissions on sensitive GPO files or objects should grant control access only to legitimate administrative accounts.
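
One way to review these permissions by hand, as an added example that is not part of the original indicator or the vendor's own check: a read-only PowerShell audit that lists every trustee outside an allow-list who can edit a GPO applied to a sensitive container, both on the GPO object in Active Directory and on its folder in SYSVOL. The allow-list, the choice of the Domain Controllers container as the only target, and the variable names are assumptions to adjust per environment.

```powershell
# Added example (not vendor code). Read-only; needs the RSAT GroupPolicy and ActiveDirectory modules.
Import-Module GroupPolicy, ActiveDirectory

$dom  = Get-ADDomain
$root = Get-ADDomain -Identity (Get-ADForest).RootDomain

# Assumption: principals treated as legitimate GPO administrators in this environment.
$allowed = @(
    "$($dom.DomainSID)-512",    # Domain Admins
    "$($root.DomainSID)-519",   # Enterprise Admins
    'S-1-5-18',                 # SYSTEM
    'S-1-5-32-544',             # BUILTIN\Administrators
    'S-1-3-0'                   # CREATOR OWNER (inherit-only ACE on SYSVOL folders)
)

# File rights that allow changing policy files or their ACL:
# Write | DeleteSubdirectoriesAndFiles | Delete | ChangePermissions | TakeOwnership
# plus GENERIC_WRITE and GENERIC_ALL, which Get-Acl can return as raw bits.
$writeMask = 0x500D0156

# Assumption: the Domain Controllers container is the sensitive target; add other DNs as needed.
$targets = @($dom.DomainControllersContainer)

$findings = foreach ($target in $targets) {
    $som   = Get-GPInheritance -Target $target
    $links = @($som.GpoLinks) + @($som.InheritedGpoLinks) | Sort-Object GpoId -Unique
    foreach ($link in $links) {
        # 1) Permissions on the GPO object in Active Directory
        Get-GPPermission -Guid $link.GpoId -All |
            Where-Object { -not $_.Denied -and "$($_.Permission)" -match '^(GpoEdit|GpoCustom)' -and
                           $_.Trustee.Sid.Value -notin $allowed } |
            ForEach-Object { [pscustomobject]@{ Gpo = $link.DisplayName; Location = 'AD object'
                             Trustee = $_.Trustee.Name; Rights = "$($_.Permission)" } }

        # 2) NTFS permissions on the GPO folder in SYSVOL
        $path = "\\$($dom.DNSRoot)\SYSVOL\$($dom.DNSRoot)\Policies\{$($link.GpoId)}"
        (Get-Acl -LiteralPath $path).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ([int]$_.FileSystemRights -band $writeMask) -and
                           $_.IdentityReference.Translate([Security.Principal.SecurityIdentifier]).Value -notin $allowed } |
            ForEach-Object { [pscustomobject]@{ Gpo = $link.DisplayName; Location = 'SYSVOL folder'
                             Trustee = "$($_.IdentityReference)"; Rights = "$($_.FileSystemRights)" } }
    }
}

if ($findings) { $findings | Sort-Object Gpo, Location | Format-Table -AutoSize }
else           { 'No unexpected edit rights found on GPOs applied to the audited containers.' }
```

Entries reported as `GpoCustom` are non-standard ACEs that may or may not grant write access, so each one needs a manual look at the underlying rights.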

See Also

Group Policy Object reference

Indicator Details

Name: Verify Sensitive GPO Objects and Files Permissions

Codename: C-GPO-SD-CONSISTENCY

Severity: Critical

MITRE ATT&CK Information:

Tactics: TA0003