Group Policy Management
Disable Windows Defender
Start > (right-click) Group Policy Management > Run as Administrator
Under Forest, Domains > (right-click) DOMAIN > Create GPO in this domain and link it here.
Set NAME: Disable Windows Defender
Under Forest, Domains > DOMAIN > (right-click) Disable Windows Defender > Edit
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Antivirus
Select Turn off Windows Defender Antivirus > Enabled > Apply > OK
Check Windows Defender SmartScreen & Windows Defender Exploit Guard.
Enforce Policy
Under Forest, Domains > DOMAIN > Select the Policy
(right-click) Enforced column > Enable it.
Cached Group Policy Preferences Creds (MS14-025)
Check using msf
use auxiliary/scanner/smb/smb_enum_gpp
use post/windows/gather/credentials/gpp
Manual
Use PowerUp.ps1.
File path
C:\ProgramData\Microsoft\Group Policy\History\{UUID-DIRECTORY}\Machine\Preferences\Groups\Groups.xml
\Policies\{UUID-DIRECTORY}\MACHINE\Preferences\Groups\Groups.xml
In Kali
gpp-decrypt HASH
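A defender-side check for the Groups.xml paths above, as an added example that is not part of the original notes: it walks a directory tree and lists every GPP preference item that still carries a non-empty cpassword, without decrypting it. The file-name set, the account attribute names and the sample XML are assumptions constructed for the example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# GPP files that could hold a cpassword, and attributes naming the account
# (both lowercased; the attribute list is an assumption and varies by file type).
GPP_FILES = {"groups.xml", "services.xml", "scheduledtasks.xml",
             "datasources.xml", "printers.xml", "drives.xml"}
ACCOUNT_ATTRS = ("username", "accountname", "runas")
# Constructed sample in the Groups.xml layout; the cpassword is a placeholder.
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="svc_local" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="svc_local" cpassword="PLACEHOLDER"/>
  </User>
  <User name="guest_off" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="guest_off" cpassword=""/>
  </User>
</Groups>
"""

def find_cpasswords(root):
    """Return one finding per element under root with a non-empty cpassword."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower() in GPP_FILES):
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except (ET.ParseError, OSError) as exc:
                findings.append({"file": path, "error": str(exc)})
                continue
            parents = {c: p for p in tree.iter() for c in p}
            for elem in tree.iter():
                if elem.get("cpassword"):  # absent or empty: nothing stored
                    attrs = {k.lower(): v for k, v in elem.attrib.items()}
                    account = next((attrs[a] for a in ACCOUNT_ATTRS if a in attrs), "")
                    changed = parents[elem].get("changed", "") if elem in parents else ""
                    findings.append({"file": path, "account": account, "changed": changed})
    return findings

def demo():  # scan a temporary tree that holds only the constructed sample
    with tempfile.TemporaryDirectory() as root:
        gpo = os.path.join(root, "{UUID-DIRECTORY}", "Machine", "Preferences", "Groups")
        os.makedirs(gpo)
        with open(os.path.join(gpo, "Groups.xml"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_GROUPS_XML)
        return find_cpasswords(root)

if __name__ == "__main__":
    print(demo())
```

Point find_cpasswords at a copy of the domain's SYSVOL Policies folder or at the local Group Policy History cache. Any finding means the preference item should be removed and that account's password changed.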
Fix
Disable LLMNR | blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/
If you cannot:
Require Network Access Control
Require strong user passwords