Active Directory Audit

Environment Info

Ran as User:matrix\Administrator
Domain:MATRIX.ORG
Ran on Host:NEO.MATRIX.ORG
Date and Time:08/07/2024 12:29:46
Elapsed Time:00:00:30
Enumeration Tool:Invoke-ADEnum
Flags|Switches:-AllEnum -Force
Recommendations:Click here to Show

Target Domains

DomainNetBIOSDomain SIDDomain Functional LevelForestParentChildren
ferrari.localferrariS-1-5-21-2741628602-1183230269-2439862772Windows Server 2016 (7)ferrari.local
matrix.orgmatrixS-1-5-21-3340537012-3269848001-1634342091Windows Server 2016 (7)matrix.org

Forests

NameForest Functional LevelRecycle BinRoot DomainSchema Role OwnerNaming Role OwnerSites
ferrari.localWindows Server 2016 (7)Enabledferrari.localDC01.ferrari.localDC01.ferrari.localDefault-First-Site-Name, TestSite
matrix.orgWindows Server 2016 (7)Not Enabledmatrix.orgNEO.matrix.orgNEO.matrix.orgDefault-First-Site-Name

Krbtgt Accounts

AccountAccount SIDWhen CreatedWhen ChangedSPNDomain
krbtgtS-1-5-21-2741628602-1183230269-2439862772-50210/07/202310/07/2023kadmin/changepwferrari.local
krbtgtS-1-5-21-3340537012-3269848001-1634342091-50212/07/202312/07/2023kadmin/changepwmatrix.org

Domain Controllers

DC NameOS VersionIP AddressMax Functional LevelLDAPLDAPSOpenPortsUptimePrimaryDomain
DC01Windows Server 2019 Standard10.0.2.128Windows Server 2016 (7)TrueFalse389, 32680 daysYESferrari.local
NEOWindows Server 2019 Standard10.0.2.200Windows Server 2016 (7)TrueFalse389, 32680 daysYESmatrix.org

Domains for the current forest

DomainForestParentChildrenDomain Functional LevelPdc Role OwnerRid Role OwnerInfrastructure Role Owner
matrix.orgmatrix.orgWindows Server 2016 (7)NEO.matrix.orgNEO.matrix.orgNEO.matrix.org

Forest Global Catalog

DC NameForestDomainOS VersionIP Address
DC01.ferrari.localferrari.localferrari.localWindows Server 2019 Standard10.0.2.128
NEO.matrix.orgmatrix.orgmatrix.orgWindows Server 2019 Standardfe80::b96f:93d8:473d:3e41%6

Domain Trusts

Source NameTarget NameTrust TypeTrust AttributesTrust DirectionWhen CreatedWhen Changed
ferrari.localmatrix.orgWINDOWS_ACTIVE_DIRECTORYFILTER_SIDSOutbound12/07/2023 12:26:3105/07/2024 13:58:42
matrix.orgferrari.localWINDOWS_ACTIVE_DIRECTORYInbound12/07/2023 12:26:1705/07/2024 13:58:42

Trust Accounts

DomainNameObject SIDObject GUIDAccount Type
matrix.orgferrari$S-1-5-21-3340537012-3269848001-1634342091-113695fa9f2e-7de8-de42-bcf6-f6943bfc763cTrust Account

Trusted Domain Object GUIDs

Source NameTarget NameDirectionObject GUID
ferrari.localmatrix.orgOutbounde6cc8850-097d-4647-a896-5bde0de803d3

Foreign Domain Members

Group DomainGroup NameMember DomainMember or Group NameMember or Group SIDGroup Members
ferrari.localAdministratorsmatrix.orgMatrix AdminsS-1-5-21-3340537012-3269848001-1634342091-1137Smith - Morpheus
ferrari.localAdministratorsmatrix.orgTheOracleS-1-5-21-3340537012-3269848001-1634342091-1140

Active Directory Domain Analysis

Default Domain Policy

DomainPwd ComplexityMin Pwd LengthMin Pwd AgeMax Pwd AgePassword HistoryLockout ThresholdReversible Encryption
ferrari.localDisabled40 day(s)42 day(s)240Enabled
matrix.orgEnabled71 day(s)42 day(s)00Disabled

Kerberos Password Policy

DomainMax Ticket AgeMax Renew AgeMax Service AgeMax Clock SkewTicket Validate Client
ferrari.local10760051
matrix.org10760051

User Accounts Analysis

DomainNb User AccountsNb EnabledNb DisabledNb ActiveNb InactiveNb LockedNb Pwd Never ExpireNb Password not Req.Nb Reversible Password
ferrari.local1161133910401331
matrix.org373522330410

Computer Account Analysis

DomainNb Computer AccountsNb EnabledNb DisabledNb ActiveNb InactiveUnconstrained Delegations
ferrari.local11101821
matrix.org330210

Operating Systems Insights

DomainOperating SystemNb OSNb EnabledNb DisabledNb ActiveNb Inactive
ferrari.localWindows 10 Enterprise22020
ferrari.localWindows 711001
ferrari.localWindows Server 2012 R2 Standard Evaluation11010
ferrari.localWindows Server 2019 Standard33030
matrix.orgWindows 10 Enterprise22011
matrix.orgWindows Server 2019 Standard11010

LLMNR Status

DomainGPO NameLocationLLMNR
ferrari.localLLMNR Disable\\ferrari.local\SysVol\ferrari.local\Policies\{2EC1473A-20FC-4F89-828C-28D8F93C1A8B}Disabled
Local CheckRegistryPath doesn't existDefaults to Enabled

Machine Account Quota

DomainQuotaWho can add Workstations to the DomainInfo
ferrari.local10ferrari.local\Domain Admins, NT AUTHORITY\Authenticated UsersDomain Admins and Authenticated Users can create 10 computer accounts in this domain.
matrix.org0NT AUTHORITY\Authenticated UsersAuthenticated Users can create 0 computer accounts in this domain.

LM Compatibility Level

DomainGPO NameSettingLM Compatibility Level
ferrari.localRestricted_LM_GPO2Send NTLM response only
matrix.orgDefault Domain Policy3Send NTLMv2 response only

LM Comp Level Affected Machines

DomainVulnerble GPOOU NameMembersIP AddressOperating SystemSIDMember Domain
ferrari.localRestricted_LM_GPOLM_RestrictedWORKSTATION-01$10.0.2.130Windows 10 EnterpriseS-1-5-21-2741628602-1183230269-2439862772-1224ferrari.local
ferrari.localRestricted_LM_GPOLM_RestrictedWORKSTATION-02$10.0.2.131Windows 10 EnterpriseS-1-5-21-2741628602-1183230269-2439862772-1226ferrari.local

Subnets

DomainSiteSubnetDescription
ferrari.localDefault-First-Site-Name10.0.2.0/24Default
ferrari.localTestSite192.168.1.0/24Test

Administrators

Built-In Administrators

Member NameEnabledActiveLast LogonPwd Last SetMember SIDGroup Domain
AdministratorTrueTrue02/07/2024 07:51:2510/07/2023 21:18:28S-1-5-21-2741628602-1183230269-2439862772-500ferrari.local
matrix\Matrix Admins TrueFalseS-1-5-21-3340537012-3269848001-1634342091-1137ferrari.local
matrix\TheOracle TrueFalse27/09/2023 13:43:0927/09/2023 14:02:22S-1-5-21-3340537012-3269848001-1634342091-1140ferrari.local
AdministratorTrueTrue05/07/2024 13:46:5029/08/2023 09:26:00S-1-5-21-3340537012-3269848001-1634342091-500matrix.org
Domain AdminsTrueS-1-5-21-3340537012-3269848001-1634342091-512matrix.org
Enterprise AdminsTrueS-1-5-21-3340537012-3269848001-1634342091-519matrix.org
TheOracleTrueFalse27/09/2023 13:43:0927/09/2023 14:02:22S-1-5-21-3340537012-3269848001-1634342091-1140matrix.org

Enterprise Administrators

Member NameEnabledActiveLast LogonPwd Last SetMember SIDGroup Domain
AdministratorTrueTrue02/07/2024 07:51:2510/07/2023 21:18:28S-1-5-21-2741628602-1183230269-2439862772-500ferrari.local
AdministratorTrueTrue05/07/2024 13:46:5029/08/2023 09:26:00S-1-5-21-3340537012-3269848001-1634342091-500matrix.org

Domain Administrators

Member NameEnabledActiveLast LogonPwd Last SetMember SIDGroup Domain
AdministratorTrueTrue02/07/2024 07:51:2510/07/2023 21:18:28S-1-5-21-2741628602-1183230269-2439862772-500ferrari.local
auria.aurieTrue11/07/2023 21:02:43S-1-5-21-2741628602-1183230269-2439862772-1128ferrari.local
CA01$TrueTrue02/07/2024 07:52:4002/07/2024 08:07:39S-1-5-21-2741628602-1183230269-2439862772-1601ferrari.local
erinna.marilynTrue11/07/2023 21:02:44S-1-5-21-2741628602-1183230269-2439862772-1172ferrari.local
hectorTrueTrue27/02/2024 17:47:3227/02/2024 17:40:52S-1-5-21-2741628602-1183230269-2439862772-1615ferrari.local
karine.barbeTrue11/07/2023 21:02:44S-1-5-21-2741628602-1183230269-2439862772-1168ferrari.local
leanora.clemmyTrue11/07/2023 21:02:43S-1-5-21-2741628602-1183230269-2439862772-1129ferrari.local
ludovika.sareeTrue11/07/2023 21:02:43S-1-5-21-2741628602-1183230269-2439862772-1141ferrari.local
robertoTrueTrue30/05/2024 09:59:1530/05/2024 09:59:31S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local
Senior ManagementTrueS-1-5-21-2741628602-1183230269-2439862772-1103ferrari.local
AdministratorTrueTrue05/07/2024 13:46:5029/08/2023 09:26:00S-1-5-21-3340537012-3269848001-1634342091-500matrix.org
TheOracleTrueFalse27/09/2023 13:43:0927/09/2023 14:02:22S-1-5-21-3340537012-3269848001-1634342091-1140matrix.org

Principals with DCSync permissions

DomainUser or GroupMembers
ferrari.localAdministratorsAdministrator - S-1-5-21-3340537012-3269848001-1634342091-1137 - S-1-5-21-3340537012-3269848001-1634342091-1140
ferrari.localDomain AdminsAdministrator - auria.aurie - CA01$ - erinna.marilyn - hector - karine.barbe - leanora.clemmy - ludovika.saree - roberto - Senior Management
ferrari.localdyanne.beatriz
ferrari.localEnterprise AdminsAdministrator
ferrari.localleonhard.cristabel
matrix.orgAdministratorsAdministrator - Domain Admins - Enterprise Admins - TheOracle
matrix.orgDomain AdminsAdministrator - TheOracle
matrix.orgEnterprise AdminsAdministrator

Protected and 'Sensitive and Not Allowed for Delegation' status (Administrators)

AccountEnabledActiveAdmDAEAProtectedSensitiveLast LogonPwd Last SetSIDDomain
AdministratorTrueTrueYESYESYESFalseFalse02/07/2024 07:51:2510/07/2023 21:18:28S-1-5-21-2741628602-1183230269-2439862772-500ferrari.local
auria.aurieTrueNOYESNOFalseFalse11/07/2023 21:02:43S-1-5-21-2741628602-1183230269-2439862772-1128ferrari.local
CA01$TrueTrueNOYESNOFalseFalse02/07/2024 07:52:4002/07/2024 08:07:39S-1-5-21-2741628602-1183230269-2439862772-1601ferrari.local
erinna.marilynTrueNOYESNOFalseFalse11/07/2023 21:02:44S-1-5-21-2741628602-1183230269-2439862772-1172ferrari.local
hectorTrueTrueNOYESNOFalseFalse27/02/2024 17:47:3227/02/2024 17:40:52S-1-5-21-2741628602-1183230269-2439862772-1615ferrari.local
karine.barbeTrueNOYESNOTrueFalse11/07/2023 21:02:44S-1-5-21-2741628602-1183230269-2439862772-1168ferrari.local
leanora.clemmyTrueNOYESNOFalseFalse11/07/2023 21:02:43S-1-5-21-2741628602-1183230269-2439862772-1129ferrari.local
ludovika.sareeTrueNOYESNOFalseFalse11/07/2023 21:02:43S-1-5-21-2741628602-1183230269-2439862772-1141ferrari.local
robertoTrueTrueNOYESNOTrueTrue30/05/2024 09:59:1530/05/2024 09:59:31S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local
Senior ManagementTrueNOYESNOFalseFalseS-1-5-21-2741628602-1183230269-2439862772-1103ferrari.local
AdministratorTrueTrueYESYESYESFalseFalse05/07/2024 13:46:5029/08/2023 09:26:00S-1-5-21-3340537012-3269848001-1634342091-500matrix.org
Domain AdminsTrueYESNONOFalseFalseS-1-5-21-3340537012-3269848001-1634342091-512matrix.org
Enterprise AdminsTrueYESNONOFalseFalseS-1-5-21-3340537012-3269848001-1634342091-519matrix.org
TheOracleTrueFalseYESYESNOFalseFalse27/09/2023 13:43:0927/09/2023 14:02:22S-1-5-21-3340537012-3269848001-1634342091-1140matrix.org

Protected and 'Sensitive and Not Allowed for Delegation' status (Security Groups)

AccountEnabledActiveAdmDAEAProtectedSensitiveLast LogonPwd Last SetSIDDomain
britni.sara-annTrueNONONOFalseFalse11/07/2023 21:02:46S-1-5-21-2741628602-1183230269-2439862772-1206ferrari.local
dre.carlynnTrueNONONOFalseFalse11/07/2023 21:02:45S-1-5-21-2741628602-1183230269-2439862772-1189ferrari.local
SennaTrueTrueNONONOFalseFalse02/07/2024 07:55:3713/07/2023 21:06:51S-1-5-21-2741628602-1183230269-2439862772-1225ferrari.local
tomcatTrueTrueNONONOFalseTrue30/05/2024 10:01:3312/08/2023 11:46:10S-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local

Protected and 'Sensitive and Not Allowed for Delegation' status (Admin Count)

AccountEnabledActiveAdmDAEAProtectedSensitiveLast LogonPwd Last SetSIDDomain
teletrakTrueNONONOFalseFalse28/02/2024 13:05:04S-1-5-21-2741628602-1183230269-2439862772-1617ferrari.local
yopiTrueTrueNONONOTrueFalse29/02/2024 14:18:0529/02/2024 13:26:13S-1-5-21-2741628602-1183230269-2439862772-1616ferrari.local

Groups with AdminCount set to 1 (non-defaults)

Group NameGroup SIDDomain
accountingS-1-5-21-2741628602-1183230269-2439862772-1217ferrari.local
Senior ManagementS-1-5-21-2741628602-1183230269-2439862772-1103ferrari.local

Linked Admin accounts using name correlation

AccountDisplay NameEnabledActiveAdmDAEALast LogonPwd Last SetSIDDomain
hectorhectorTrueTrueNOYESNO27/02/2024 17:47:3227/02/2024 17:40:52S-1-5-21-2741628602-1183230269-2439862772-1615ferrari.local
robertoRobertoTrueTrueNOYESNO30/05/2024 09:59:1530/05/2024 09:59:31S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local

Local Admin Access

TargetIP AddressOperating SystemProtocolDomain
Workstation-01.matrix.org10.0.2.132Windows 10 EnterpriseSMB, WinRMmatrix.org
Workstation-02.matrix.org10.0.2.133Windows 10 EnterpriseSMB, WinRMmatrix.org

Misconfigurations and Red Flags

ADCS HTTP Endpoints

NameIP AddressMember SIDGroup NameEndpointHTTPHTTPSDomain
CA01$10.0.2.136S-1-5-21-2741628602-1183230269-2439862772-1601Cert PublishersCA01.ferrari.local/certsrv/TruePossibleferrari.local

Certificate Templates

Cert NameClient AuthENROLLEE_SUPPLIES_SUBJECTApprovalEnrollment RightsOwnerWriteOwnerWriteDaclDomain
VulnComputerTrueFalseFalseferrari\Domain Computersferrari\Domain Computersferrari\Domain Computersferrari.local
VulnUserTrueTrueFalseferrari\Domain Usersferrari.local

Service Accounts (Kerberoastable)

AccountEnabledActiveAdmDAEALast LogonPwd Last SetSIDDomain
horsepwr_svcTrueNONONO19/01/2024 09:21:59S-1-5-21-2741628602-1183230269-2439862772-1113ferrari.local
sql_svcTrueFalseNONONO30/11/2023 22:05:2219/01/2024 09:20:30S-1-5-21-2741628602-1183230269-2439862772-1603ferrari.local

Group Managed Service Accounts (GMSA)

AccountEnabledActiveAdmDAEAPwd IntervalPwd Last SetSIDObject GUIDDomain
ITFarm1$TrueNONONO9029/02/2024 12:34:57S-1-5-21-2741628602-1183230269-2439862772-1619e62e16e4-a867-384b-808b-32b39403f309ferrari.local
ITFarm12$TrueNONONO9029/02/2024 12:37:19S-1-5-21-2741628602-1183230269-2439862772-1620f278ed05-8fc3-494c-a887-4f9dde3949c1ferrari.local

Users without kerberos preauthentication set (AS-REProastable)

User NameEnabledActiveAdmDAEALast LogonPwd Last SetSIDDomain
charla.deonneTrueNONONO11/07/2023 21:02:47S-1-5-21-2741628602-1183230269-2439862772-1188ferrari.local
miguela.margiTrueNONONO11/07/2023 21:02:47S-1-5-21-2741628602-1183230269-2439862772-1176ferrari.local

Check if any User Passwords are set

User NameEnabledActiveAdmDAEAUser PasswordRaw PasswordLast LogonPwd Last SetSIDDomain
robertoTrueTrueNOYESNOMyPassword12377 121 80 97 115 115 119 111 114 100 49 50 5130/05/2024 09:59:1530/05/2024 09:59:31S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local

Users with Password-not-required attribute set

User NameEnabledActiveAdmDAEALast LogonPwd Last SetSIDDomain
test.test.testTrueTrueNONONO10/02/2024 14:42:5617/09/2023 21:04:45S-1-5-21-2741628602-1183230269-2439862772-1608ferrari.local
yopiTrueTrueNONONO29/02/2024 14:18:0529/02/2024 13:26:13S-1-5-21-2741628602-1183230269-2439862772-1616ferrari.local
yopi.adminTrueTrueNONONO04/04/2024 15:47:5629/02/2024 14:24:26S-1-5-21-2741628602-1183230269-2439862772-1618ferrari.local
ferrari$TrueNONONO05/07/2024 13:58:42S-1-5-21-3340537012-3269848001-1634342091-1136matrix.org

Computers with Password-not-required attribute set

Computer NameEnabledActiveIP AddressOperating SystemSIDDomain
ABUSE2COMP$TrueS-1-5-21-2741628602-1183230269-2439862772-1625ferrari.local
ABUSECOMP$TrueTrueS-1-5-21-2741628602-1183230269-2439862772-1624ferrari.local
EVILCOMPUTER$TrueTrueS-1-5-21-2741628602-1183230269-2439862772-1614ferrari.local
WORKSTATION-01$TrueTrue10.0.2.130Windows 10 EnterpriseS-1-5-21-2741628602-1183230269-2439862772-1224ferrari.local

Computer Accounts with empty passwords

NameEnabledActiveIP AddressOperating SystemSIDDomain
EVILCOMPUTER$TrueTrueS-1-5-21-2741628602-1183230269-2439862772-1614ferrari.local

Members of Pre-Windows 2000 Compatible Access group

MemberEnabledActiveIP AddressOperating SystemMember SIDDomain
CA01$TrueTrue10.0.2.136Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1601ferrari.local

Machine accounts in privileged groups

MemberEnabledActiveIP AddressOperating SystemMember SIDMember DomainPrivileged GroupGroup Domain
CA01$TrueTrue10.0.2.136Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1601ferrari.localDomain Adminsferrari.local

Users with Reversible Encryption

NameEnabledActiveAdmDAEALast LogonPwd Last SetObject SIDDomain
robertoTrueTrueNOYESNO30/05/2024 09:59:1530/05/2024 09:59:31S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local

Hosts running Unsupported OS

NameEnabledActiveIP AddressOperating SystemAccount SIDDomain
EvilComputer2$TrueWindows 7S-1-5-21-2741628602-1183230269-2439862772-1622ferrari.local
SERVER2012$TrueTrue10.0.2.129Windows Server 2012 R2 Standard EvaluationS-1-5-21-2741628602-1183230269-2439862772-1613ferrari.local

Extended Checks

File Servers

ServerEnabledActiveIP AddressOperating SystemAccount SIDDomain
DC01$TrueTrue10.0.2.128Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1000ferrari.local

SQL Servers

ServerEnabledActiveIP AddressOperating SystemAccount SIDDomain
MSSQL01$TrueTrue10.0.2.137Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1602ferrari.local

SMB Signing Not Required

MachineEnabledActiveIP AddressAccount SIDOperating SystemDomain
CA01$TrueTrue10.0.2.136S-1-5-21-2741628602-1183230269-2439862772-1601Windows Server 2019 Standardferrari.local
MSSQL01$TrueTrue10.0.2.137S-1-5-21-2741628602-1183230269-2439862772-1602Windows Server 2019 Standardferrari.local
WORKSTATION-01$TrueTrue10.0.2.130S-1-5-21-2741628602-1183230269-2439862772-1224Windows 10 Enterpriseferrari.local
WORKSTATION-02$TrueTrue10.0.2.131S-1-5-21-2741628602-1183230269-2439862772-1226Windows 10 Enterpriseferrari.local
WORKSTATION-02$TrueTrue10.0.2.133S-1-5-21-3340537012-3269848001-1634342091-1141Windows 10 Enterprisematrix.org

WebDAV Enabled Machines

MachineEnabledActiveIP AddressAccount SIDOperating SystemDomain
WORKSTATION-02$TrueTrue10.0.2.131S-1-5-21-2741628602-1183230269-2439862772-1226Windows 10 Enterpriseferrari.local

Readable and Writable Shares

TargetsShare NameReadableWritableDomain
CA01.ferrari.local\\CA01.ferrari.local\CertEnrollYESNOferrari.local
DC01.ferrari.local\\DC01.ferrari.local\SharedYESNOferrari.local
DC01.ferrari.local\\DC01.ferrari.local\UsersYESNOferrari.local
CA01.ferrari.local\\CA01.ferrari.local\SharedYESYESferrari.local
DC01.ferrari.local\\DC01.ferrari.local\fhdjskal$YESYESferrari.local
Workstation-01.ferrari.local\\Workstation-01.ferrari.local\SharedYESYESferrari.local
Workstation-02.ferrari.local\\Workstation-02.ferrari.local\SharedYESYESferrari.local
Workstation-01.matrix.org\\Workstation-01.matrix.org\ADMIN$YESYESmatrix.org
Workstation-01.matrix.org\\Workstation-01.matrix.org\C$YESYESmatrix.org
Workstation-01.matrix.org\\Workstation-01.matrix.org\SharedYESYESmatrix.org
Workstation-02.matrix.org\\Workstation-02.matrix.org\ADMIN$YESYESmatrix.org
Workstation-02.matrix.org\\Workstation-02.matrix.org\C$YESYESmatrix.org
Workstation-02.matrix.org\\Workstation-02.matrix.org\SharedYESYESmatrix.org

Empty Groups

Group NameGroup SIDDomain
Direttori ManagementS-1-5-21-2741628602-1183230269-2439862772-1109ferrari.local
DnsUpdateProxyS-1-5-21-2741628602-1183230269-2439862772-1102ferrari.local
EmptyGroupS-1-5-21-2741628602-1183230269-2439862772-1621ferrari.local
EngineeringS-1-5-21-2741628602-1183230269-2439862772-1105ferrari.local
IngegneriaS-1-5-21-2741628602-1183230269-2439862772-1111ferrari.local
VenditeS-1-5-21-2741628602-1183230269-2439862772-1112ferrari.local
DnsAdminsS-1-5-21-3340537012-3269848001-1634342091-1101matrix.org
DnsUpdateProxyS-1-5-21-3340537012-3269848001-1634342091-1102matrix.org

Group Policy Checks

Who can create GPOs

AccountOUDomain
ferrari.local\SennaCN=Policies,CN=System,DC=ferrari,DC=localferrari.local

Who can modify existing GPOs

Policy NameWho can editPolicy PathDomain
Computer – LAPSferrari.local\Senna\\ferrari.local\SysVol\ferrari.local\Policies\{121C59AA-FBC4-4D8E-965B-32318725EBF8}ferrari.local

Who can link GPOs

Who can linkObject DNObject Ace TypeActive Directory RightsDomain
ferrari.local\SennaOU=AllComputers,DC=ferrari,DC=localGP-LinkWritePropertyferrari.local

LAPS GPOs

GPO NamePath NameLAPS AdminGPC File Sys PathDomain
Computer – LAPS{121C59AA-FBC4-4D8E-965B-32318725EBF8}Administrator\\ferrari.local\SysVol\ferrari.local\Policies\{121C59AA-FBC4-4D8E-965B-32318725EBF8}ferrari.local

Who can read LAPS

Delegated GroupsTarget OUObjectTypeInheritedObjectTypeActiveDirectoryRightsDomain
ferrari.local\SennaOU=AllComputers,DC=ferrari,DC=localms-Mcs-AdmPwdComputerReadProperty, ExtendedRightferrari.local

LAPS Extended Rights

Computer NameIdentityObjectTypeInheritedObjectTypeActiveDirectoryRightsStatusDomain
MSSQL01$S-1-5-21-2741628602-1183230269-2439862772-1225ms-Mcs-AdmPwdComputerReadProperty, ExtendedRightferrari.local
SERVER2012$S-1-5-21-2741628602-1183230269-2439862772-1225ms-Mcs-AdmPwdComputerReadProperty, ExtendedRightferrari.local

Computer objects where LAPS is enabled

NameIP AddressAccount SIDDomain
CA01$10.0.2.136S-1-5-21-2741628602-1183230269-2439862772-1601ferrari.local
MSSQL01$10.0.2.137S-1-5-21-2741628602-1183230269-2439862772-1602ferrari.local
SERVER2012$10.0.2.129S-1-5-21-2741628602-1183230269-2439862772-1613ferrari.local
WORKSTATION-01$10.0.2.130S-1-5-21-2741628602-1183230269-2439862772-1224ferrari.local
WORKSTATION-02$10.0.2.131S-1-5-21-2741628602-1183230269-2439862772-1226ferrari.local

GPOs that modify local group memberships

GPO Display NameUser/Group NameMemberOfMembersTarget OUsDomain
Modify Local Group Membershipsferrari\Salesferrari.local\tomcatAllComputersferrari.local

Delegation Checks

Unconstrained Delegation

NameEnabledActiveIP AddressOperating SystemAccount SIDDomain
SERVER2012$TrueTrue10.0.2.129Windows Server 2012 R2 Standard EvaluationS-1-5-21-2741628602-1183230269-2439862772-1613ferrari.local

Constrained Delegation (Computers)

DomainNameEnabledActiveIP AddressOperating SystemAccount SIDmsds-AllowedToDelegateTo
ferrari.localEVILCOMPUTER$TrueTrueS-1-5-21-2741628602-1183230269-2439862772-1614time/DC01 - time/DC01/ferrari - time/DC01.ferrari.local - time/DC01.ferrari.local/ferrari.local - time/DC01.ferrari.local/ferrari
ferrari.localMSSQL01$TrueTrue10.0.2.137Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1602cifs/WORKSTATION-01 - cifs/Workstation-01.ferrari.local

Constrained Delegation (Users)

DomainNameEnabledActiveAdmDAEALast LogonSIDmsds-AllowedToDelegateTo
ferrari.localSennaTrueTrueNONONO02/07/2024 07:55:37S-1-5-21-2741628602-1183230269-2439862772-1225DC01/time

Resource Based Constrained Delegation

DomainAccountComputer ObjectAD RightsObject Ace Type
ferrari.localEveryoneABUSE2COMP$WritePropertyDescription, Display-Name, SAM-Account-Name
ferrari.localEveryoneABUSECOMP$GenericAllAny
ferrari.localferrari.local\Domain ComputersEVILCOMPUTER$WritePropertySAM-Account-Name, Display-Name, Description
ferrari.localferrari.local\SchumakerWORKSTATION-01$WritePropertySAM-Account-Name, Display-Name, Description
ferrari.localferrari.local\SennaABUSE2COMP$WritePropertyGP-Link, GP-Options
ferrari.localferrari.local\SennaABUSECOMP$WritePropertyGP-Link, GP-Options
ferrari.localferrari.local\SennaEVILCOMPUTER$WritePropertyGP-Link, GP-Options
ferrari.localferrari.local\SennaMSSQL01$WritePropertyGP-Link, GP-Options
ferrari.localferrari.local\SennaSERVER2012$WritePropertyGP-Link, GP-Options
ferrari.localferrari.local\SennaWORKSTATION-02$WritePropertySAM-Account-Name, Display-Name, Description
ferrari.localNT AUTHORITY\Authenticated UsersABUSECOMP$WritePropertyDescription, Display-Name, SAM-Account-Name
matrix.orgmatrix\SmithWORKSTATION-02$WritePropertySAM-Account-Name, Display-Name, Description

Computers Objects created by regular users

NameEnabledActiveIP AddressOperating SystemAccount SIDCreatorCreatedDomain
WORKSTATION-01$TrueTrue10.0.2.130Windows 10 EnterpriseS-1-5-21-2741628602-1183230269-2439862772-1224Schumaker13/07/2023 21:04:27ferrari.local
WORKSTATION-02$TrueTrue10.0.2.131Windows 10 EnterpriseS-1-5-21-2741628602-1183230269-2439862772-1226Senna13/07/2023 21:07:02ferrari.local
WORKSTATION-02$TrueFalse10.0.2.133Windows 10 EnterpriseS-1-5-21-3340537012-3269848001-1634342091-1141Smith13/07/2023 19:01:04matrix.org

Security Groups

Account Operators

NameEnabledActiveLast LogonMember SIDGroup Domain
robertoTrueTrue30/05/2024 09:59:15S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local

Backup Operators

NameEnabledActiveLast LogonMember SIDGroup Domain
tomcatTrueTrue30/05/2024 10:01:33S-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local

Cert Publishers

NameEnabledActiveLast LogonMember SIDGroup Domain
CA01$TrueTrue02/07/2024 07:52:40S-1-5-21-2741628602-1183230269-2439862772-1601ferrari.local

Distributed COM Users

NameEnabledActiveLast LogonMember SIDGroup Domain
SennaTrueTrue02/07/2024 07:55:37S-1-5-21-2741628602-1183230269-2439862772-1225ferrari.local

DNS Admins

NameEnabledActiveLast LogonMember SIDGroup Domain
auria.aurieTrueS-1-5-21-2741628602-1183230269-2439862772-1128ferrari.local
britni.sara-annTrueS-1-5-21-2741628602-1183230269-2439862772-1206ferrari.local
dre.carlynnTrueS-1-5-21-2741628602-1183230269-2439862772-1189ferrari.local
erinna.marilynTrueS-1-5-21-2741628602-1183230269-2439862772-1172ferrari.local
karine.barbeTrueS-1-5-21-2741628602-1183230269-2439862772-1168ferrari.local
leanora.clemmyTrueS-1-5-21-2741628602-1183230269-2439862772-1129ferrari.local
ludovika.sareeTrueS-1-5-21-2741628602-1183230269-2439862772-1141ferrari.local
Senior ManagementTrueS-1-5-21-2741628602-1183230269-2439862772-1103ferrari.local

Enterprise Key Admins

NameEnabledActiveLast LogonMember SIDGroup Domain
tomcatTrueTrue30/05/2024 10:01:33S-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local

Enterprise Read-Only Domain Controllers

NameEnabledActiveLast LogonMember SIDGroup Domain
tomcatTrueTrue30/05/2024 10:01:33S-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local

Group Policy Creator Owners

NameEnabledActiveLast LogonMember SIDGroup Domain
AdministratorTrueTrue02/07/2024 07:51:25S-1-5-21-2741628602-1183230269-2439862772-500ferrari.local
AdministratorTrueTrue05/07/2024 13:46:50S-1-5-21-3340537012-3269848001-1634342091-500matrix.org

Key Admins

NameEnabledActiveLast LogonMember SIDGroup Domain
tomcatTrueTrue30/05/2024 10:01:33S-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local

Performance Log Users

NameEnabledActiveLast LogonMember SIDGroup Domain
SennaTrueTrue02/07/2024 07:55:37S-1-5-21-2741628602-1183230269-2439862772-1225ferrari.local

Print Operators

NameEnabledActiveLast LogonMember SIDGroup Domain
robertoTrueTrue30/05/2024 09:59:15S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local

Protected Users

NameEnabledActiveLast LogonMember SIDGroup Domain
karine.barbeTrueS-1-5-21-2741628602-1183230269-2439862772-1168ferrari.local
robertoTrueTrue30/05/2024 09:59:15S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local
test.test.testTrueTrue10/02/2024 14:42:56S-1-5-21-2741628602-1183230269-2439862772-1608ferrari.local
yopiTrueTrue29/02/2024 14:18:05S-1-5-21-2741628602-1183230269-2439862772-1616ferrari.local

Read-Only Domain Controllers

NameEnabledActiveLast LogonMember SIDGroup Domain
tomcatTrueTrue30/05/2024 10:01:33S-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local

Remote Desktop Users

NameEnabledActiveLast LogonMember SIDGroup Domain
robertoTrueTrue30/05/2024 09:59:15S-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local

Remote Management Users

NameEnabledActiveLast LogonMember SIDGroup Domain
tomcatTrueTrue30/05/2024 10:01:33S-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local

Schema Admins

NameEnabledActiveLast LogonMember SIDGroup Domain
AdministratorTrueTrue02/07/2024 07:51:25S-1-5-21-2741628602-1183230269-2439862772-500ferrari.local
AdministratorTrueTrue05/07/2024 13:46:50S-1-5-21-3340537012-3269848001-1634342091-500matrix.org

Server Operators

NameEnabledActiveLast LogonMember SIDGroup Domain
tomcatTrueTrue30/05/2024 10:01:33S-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local

Interesting Data

Interesting Servers (by Keyword)

NameEnabledActiveIP AddressOperating SystemAccount SIDDomain
MSSQL01$TrueTrue10.0.2.137Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1602ferrari.local

Interesting GPOs (by Keyword)

KeywordGPO NamePathDomain
DeskEnable PSRemoting Desktops\\ferrari.local\SysVol\ferrari.local\Policies\{A9152327-9334-47E9-A47F-2C8723D92C10}ferrari.local
LAPSComputer – LAPS\\ferrari.local\SysVol\ferrari.local\Policies\{121C59AA-FBC4-4D8E-965B-32318725EBF8}ferrari.local
LLMNRLLMNR Disable\\ferrari.local\SysVol\ferrari.local\Policies\{2EC1473A-20FC-4F89-828C-28D8F93C1A8B}ferrari.local
RemotingEnable PSRemoting Desktops\\ferrari.local\SysVol\ferrari.local\Policies\{A9152327-9334-47E9-A47F-2C8723D92C10}ferrari.local
RemotingEnable PS Remoting\\matrix.org\SysVol\matrix.org\Policies\{07C80CFB-7B3C-402F-AFC2-DAD53B258C31}matrix.org

Interesting Groups (by Keyword)

KeywordGroup NameGroup SIDDomain
AdminAdministratorsS-1-5-32-544ferrari.local
AdminDnsAdminsS-1-5-21-2741628602-1183230269-2439862772-1101ferrari.local
AdminDomain AdminsS-1-5-21-2741628602-1183230269-2439862772-512ferrari.local
AdminEnterprise AdminsS-1-5-21-2741628602-1183230269-2439862772-519ferrari.local
AdminEnterprise Key AdminsS-1-5-21-2741628602-1183230269-2439862772-527ferrari.local
AdminHyper-V AdministratorsS-1-5-32-578ferrari.local
AdminIT AdminsS-1-5-21-2741628602-1183230269-2439862772-1104ferrari.local
AdminKey AdminsS-1-5-21-2741628602-1183230269-2439862772-526ferrari.local
AdminOffice AdminS-1-5-21-2741628602-1183230269-2439862772-1213ferrari.local
AdminSchema AdminsS-1-5-21-2741628602-1183230269-2439862772-518ferrari.local
AdminStorage Replica AdministratorsS-1-5-32-582ferrari.local
BackupBackup OperatorsS-1-5-32-551ferrari.local
DeskRemote Desktop UsersS-1-5-32-555ferrari.local
HyperHyper-V AdministratorsS-1-5-32-578ferrari.local
ManagementDirettori ManagementS-1-5-21-2741628602-1183230269-2439862772-1109ferrari.local
ManagementProject managementS-1-5-21-2741628602-1183230269-2439862772-1215ferrari.local
ManagementRDS Management ServersS-1-5-32-577ferrari.local
ManagementRemote Management UsersS-1-5-32-580ferrari.local
ManagementSenior ManagementS-1-5-21-2741628602-1183230269-2439862772-1103ferrari.local
PasswordAllowed RODC Password Replication GroupS-1-5-21-2741628602-1183230269-2439862772-571ferrari.local
PasswordDenied RODC Password Replication GroupS-1-5-21-2741628602-1183230269-2439862772-572ferrari.local
RemoteRDS Remote Access ServersS-1-5-32-575ferrari.local
RemoteRemote Desktop UsersS-1-5-32-555ferrari.local
RemoteRemote Management UsersS-1-5-32-580ferrari.local
AdminAdministratorsS-1-5-32-544matrix.org
AdminDnsAdminsS-1-5-21-3340537012-3269848001-1634342091-1101matrix.org
AdminDomain AdminsS-1-5-21-3340537012-3269848001-1634342091-512matrix.org
AdminEnterprise AdminsS-1-5-21-3340537012-3269848001-1634342091-519matrix.org
AdminEnterprise Key AdminsS-1-5-21-3340537012-3269848001-1634342091-527matrix.org
AdminHyper-V AdministratorsS-1-5-32-578matrix.org
AdminKey AdminsS-1-5-21-3340537012-3269848001-1634342091-526matrix.org
AdminMatrix AdminsS-1-5-21-3340537012-3269848001-1634342091-1137matrix.org
AdminSchema AdminsS-1-5-21-3340537012-3269848001-1634342091-518matrix.org
AdminStorage Replica AdministratorsS-1-5-32-582matrix.org
BackupBackup OperatorsS-1-5-32-551matrix.org
DeskRemote Desktop UsersS-1-5-32-555matrix.org
HyperHyper-V AdministratorsS-1-5-32-578matrix.org
ManagementRDS Management ServersS-1-5-32-577matrix.org
ManagementRemote Management UsersS-1-5-32-580matrix.org
PasswordAllowed RODC Password Replication GroupS-1-5-21-3340537012-3269848001-1634342091-571matrix.org
PasswordDenied RODC Password Replication GroupS-1-5-21-3340537012-3269848001-1634342091-572matrix.org
RemoteRDS Remote Access ServersS-1-5-32-575matrix.org
RemoteRemote Desktop UsersS-1-5-32-555matrix.org
RemoteRemote Management UsersS-1-5-32-580matrix.org

Interesting OUs (by Keyword)

KeywordNameDomain
AdminITAdminsferrari.local
ManagementDirettoriManagementferrari.local
ManagementSeniorManagementferrari.local

Domain Objects Insights

Servers (Enabled)

NameEnabledActiveIP AddressOperating SystemAccount SIDDomain
CA01$TrueTrue10.0.2.136Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1601ferrari.local
DC01$TrueTrue10.0.2.128Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1000ferrari.local
MSSQL01$TrueTrue10.0.2.137Windows Server 2019 StandardS-1-5-21-2741628602-1183230269-2439862772-1602ferrari.local
SERVER2012$TrueTrue10.0.2.129Windows Server 2012 R2 Standard EvaluationS-1-5-21-2741628602-1183230269-2439862772-1613ferrari.local
NEO$TrueTrue10.0.2.200Windows Server 2019 StandardS-1-5-21-3340537012-3269848001-1634342091-1000matrix.org

Workstations (Enabled)

NameEnabledActiveIP AddressOperating SystemAccount SIDDomain
ABUSE2COMP$TrueS-1-5-21-2741628602-1183230269-2439862772-1625ferrari.local
ABUSECOMP$TrueTrueS-1-5-21-2741628602-1183230269-2439862772-1624ferrari.local
EVILCOMPUTER$TrueTrueS-1-5-21-2741628602-1183230269-2439862772-1614ferrari.local
EvilComputer2$TrueWindows 7S-1-5-21-2741628602-1183230269-2439862772-1622ferrari.local
WORKSTATION-01$TrueTrue10.0.2.130Windows 10 EnterpriseS-1-5-21-2741628602-1183230269-2439862772-1224ferrari.local
WORKSTATION-02$TrueTrue10.0.2.131Windows 10 EnterpriseS-1-5-21-2741628602-1183230269-2439862772-1226ferrari.local
WORKSTATION-01$TrueTrue10.0.2.132Windows 10 EnterpriseS-1-5-21-3340537012-3269848001-1634342091-1143matrix.org
WORKSTATION-02$TrueFalse10.0.2.133Windows 10 EnterpriseS-1-5-21-3340537012-3269848001-1634342091-1141matrix.org

Users (Enabled)

User NameEnabledActiveAdmDAEAObject SIDDomain
adelind.adriaensTrueFalseNONONOS-1-5-21-2741628602-1183230269-2439862772-1131ferrari.local
adella.annadianaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1200ferrari.local
adena.missieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1133ferrari.local
adiana.hannahTrueFalseNONONOS-1-5-21-2741628602-1183230269-2439862772-1145ferrari.local
AdministratorTrueTrueYESYESYESS-1-5-21-2741628602-1183230269-2439862772-500ferrari.local
aila.emiliTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1125ferrari.local
aline.halleyTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1202ferrari.local
aloise.karleneTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1158ferrari.local
alvina.emmelineTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1191ferrari.local
amberly.cathiTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1135ferrari.local
aprilette.dodeTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1136ferrari.local
arlinda.margetteTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1192ferrari.local
auria.aurieTrueNOYESNOS-1-5-21-2741628602-1183230269-2439862772-1128ferrari.local
bernete.neilleTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1147ferrari.local
blinny.rozinaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1124ferrari.local
britni.sara-annTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1206ferrari.local
cammie.renellTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1121ferrari.local
caryn.gabiTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1180ferrari.local
charla.deonneTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1188ferrari.local
chelsey.selleTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1117ferrari.local
christen.randeneTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1175ferrari.local
dacie.goldyTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1157ferrari.local
damaris.brinnTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1156ferrari.local
danica.catherinaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1130ferrari.local
danielle.cassieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1205ferrari.local
darsie.lelahTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1212ferrari.local
deidre.daniceTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1148ferrari.local
dinah.lishaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1134ferrari.local
donielle.kennieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1178ferrari.local
dre.carlynnTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1189ferrari.local
drusy.melliTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1164ferrari.local
dyanne.beatrizTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1195ferrari.local
eda.bernardinaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1211ferrari.local
emilie.dynaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1153ferrari.local
enriqueta.beverieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1150ferrari.local
ericka.martieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1170ferrari.local
erinna.marilynTrueNOYESNOS-1-5-21-2741628602-1183230269-2439862772-1172ferrari.local
etti.cherriTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1201ferrari.local
evey.henkaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1197ferrari.local
faye.olivetteTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1193ferrari.local
frankie.brettTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1149ferrari.local
gavra.jorryTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1183ferrari.local
georgianna.josefaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1139ferrari.local
grace.sharylTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1142ferrari.local
gracie.pamTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1204ferrari.local
hectorTrueTrueNOYESNOS-1-5-21-2741628602-1183230269-2439862772-1615ferrari.local
hermione.sandyTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1154ferrari.local
honey.olenkaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1181ferrari.local
horsepwr_svcTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1113ferrari.local
ilyse.andriaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1203ferrari.local
imogen.metaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1190ferrari.local
jacqueline.blancaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1174ferrari.local
janenna.doreliaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1169ferrari.local
janie.mollyTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1208ferrari.local
karine.barbeTrueNOYESNOS-1-5-21-2741628602-1183230269-2439862772-1168ferrari.local
kariotta.brigidTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1160ferrari.local
karyl.christiTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1114ferrari.local
kenon.dronaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1179ferrari.local
kienan.kathieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1177ferrari.local
kippar.berryTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1144ferrari.local
klara.kessiahTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1143ferrari.local
laetitia.miaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1167ferrari.local
lawry.isabelTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1165ferrari.local
leanora.clemmyTrueNOYESNOS-1-5-21-2741628602-1183230269-2439862772-1129ferrari.local
leonhard.cristabelTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1198ferrari.local
locke.celineTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1163ferrari.local
louisette.hendrikaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1161ferrari.local
ludovika.sareeTrueNOYESNOS-1-5-21-2741628602-1183230269-2439862772-1141ferrari.local
malva.babbTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1184ferrari.local
marylou.lorineTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1186ferrari.local
meredith.coralieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1173ferrari.local
merlina.dynaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1115ferrari.local
michelle.caroleTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1155ferrari.local
miguela.margiTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1176ferrari.local
mil.marjoryTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1171ferrari.local
myrle.charityTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1132ferrari.local
myrle.phedraTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1118ferrari.local
nelly.periaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1187ferrari.local
netty.shoshannaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1151ferrari.local
norina.llewellynTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1146ferrari.local
odille.oliaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1137ferrari.local
olive.lesTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1159ferrari.local
ollie.amburTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1207ferrari.local
opaline.oreleeTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1120ferrari.local
peria.silvieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1162ferrari.local
pia.sherilynTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1116ferrari.local
rahal.hertaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1119ferrari.local
regan.caresseTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1196ferrari.local
renell.kelleyTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1122ferrari.local
rheta.juliTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1199ferrari.local
roanne.antonettaTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1185ferrari.local
robertoTrueTrueNOYESNOS-1-5-21-2741628602-1183230269-2439862772-1604ferrari.local
rokfortTrueFalseNONONOS-1-5-21-2741628602-1183230269-2439862772-1610ferrari.local
sapphira.henrietteTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1126ferrari.local
SchumakerTrueTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1223ferrari.local
selia.leonidasTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1127ferrari.local
SennaTrueTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1225ferrari.local
shana.daffyTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1209ferrari.local
shanta.mayeTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1166ferrari.local
sheree.milissentTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1123ferrari.local
shirline.chrisTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1152ferrari.local
sidonnie.kristoforTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1138ferrari.local
sidonnie.nathalieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1194ferrari.local
sql_svcTrueFalseNONONOS-1-5-21-2741628602-1183230269-2439862772-1603ferrari.local
starr.annamarieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1140ferrari.local
susy.mollieTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1182ferrari.local
teletrakTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1617ferrari.local
test.test.testTrueTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1608ferrari.local
test.userTrueFalseNONONOS-1-5-21-2741628602-1183230269-2439862772-1606ferrari.local
test-userTrueFalseNONONOS-1-5-21-2741628602-1183230269-2439862772-1607ferrari.local
tomcatTrueTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1605ferrari.local
yopiTrueTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1616ferrari.local
yopi.adminTrueTrueNONONOS-1-5-21-2741628602-1183230269-2439862772-1618ferrari.local
a.livingstonTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1107matrix.org
a.woodwardTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1134matrix.org
AdministratorTrueTrueYESYESYESS-1-5-21-3340537012-3269848001-1634342091-500matrix.org
b.andersonTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1118matrix.org
b.conradTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1115matrix.org
b.wangTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1125matrix.org
c.hardyTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1132matrix.org
c.lynchTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1113matrix.org
c.rojasTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1114matrix.org
c.woodsTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1131matrix.org
d.trujilloTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1130matrix.org
e.sparksTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1122matrix.org
ferrari$TrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1136matrix.org
g.leachTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1108matrix.org
g.stevensonTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1111matrix.org
h.hutchinsonTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1120matrix.org
h.rogersTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1119matrix.org
i.mcdonaldTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1124matrix.org
j.bondTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1126matrix.org
j.estesTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1127matrix.org
k.washingtonTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1106matrix.org
l.frederickTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1110matrix.org
m.claytonTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1117matrix.org
MorpheusTrueTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1138matrix.org
n.dodsonTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1128matrix.org
n.harringtonTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1123matrix.org
p.osbornTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1133matrix.org
r.choiTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1121matrix.org
r.travisTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1135matrix.org
s.greenTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1112matrix.org
s.riveraTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1109matrix.org
SmithTrueFalseNONONOS-1-5-21-3340537012-3269848001-1634342091-1139matrix.org
TheOracleTrueFalseYESYESNOS-1-5-21-3340537012-3269848001-1634342091-1140matrix.org
w.valdezTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1129matrix.org
z.hallTrueNONONOS-1-5-21-3340537012-3269848001-1634342091-1116matrix.org

All Groups

Group NameGroup SIDDomainMembers
Access Control Assistance OperatorsS-1-5-32-579ferrari.local
Account OperatorsS-1-5-32-548ferrari.localroberto
accountingS-1-5-21-2741628602-1183230269-2439862772-1217ferrari.localgrace.sharyl - honey.olenka
AdministratorsS-1-5-32-544ferrari.localAdministrator - matrix\Matrix Admins - matrix\TheOracle
Allowed RODC Password Replication GroupS-1-5-21-2741628602-1183230269-2439862772-571ferrari.local
Backup OperatorsS-1-5-32-551ferrari.localtomcat
Cert PublishersS-1-5-21-2741628602-1183230269-2439862772-517ferrari.localCA01$
Certificate Service DCOM AccessS-1-5-32-574ferrari.local
Cloneable Domain ControllersS-1-5-21-2741628602-1183230269-2439862772-522ferrari.local
Cryptographic OperatorsS-1-5-32-569ferrari.local
Denied RODC Password Replication GroupS-1-5-21-2741628602-1183230269-2439862772-572ferrari.localAdministrator - auria.aurie - CA01$ - Cert Publishers - Domain Admins - Domain Controllers - Enterprise Admins - erinna.marilyn - Group Policy Creator Owners - hector - karine.barbe - leanora.clemmy - ludovika.saree - Read-only Domain Controllers - roberto - Schema Admins - Senior Management - tomcat
Direttori ManagementS-1-5-21-2741628602-1183230269-2439862772-1109ferrari.local
Distributed COM UsersS-1-5-32-562ferrari.localSenna
DnsAdminsS-1-5-21-2741628602-1183230269-2439862772-1101ferrari.localauria.aurie - britni.sara-ann - dre.carlynn - erinna.marilyn - karine.barbe - leanora.clemmy - ludovika.saree - Senior Management
DnsUpdateProxyS-1-5-21-2741628602-1183230269-2439862772-1102ferrari.local
Domain AdminsS-1-5-21-2741628602-1183230269-2439862772-512ferrari.localAdministrator - auria.aurie - CA01$ - erinna.marilyn - hector - karine.barbe - leanora.clemmy - ludovika.saree - roberto - Senior Management
Domain ComputersS-1-5-21-2741628602-1183230269-2439862772-515ferrari.local
Domain ControllersS-1-5-21-2741628602-1183230269-2439862772-516ferrari.local
Domain GuestsS-1-5-21-2741628602-1183230269-2439862772-514ferrari.local
Domain UsersS-1-5-21-2741628602-1183230269-2439862772-513ferrari.local
EmptyGroupS-1-5-21-2741628602-1183230269-2439862772-1621ferrari.local
EngineeringS-1-5-21-2741628602-1183230269-2439862772-1105ferrari.local
Enterprise AdminsS-1-5-21-2741628602-1183230269-2439862772-519ferrari.localAdministrator
Enterprise Key AdminsS-1-5-21-2741628602-1183230269-2439862772-527ferrari.localtomcat
Enterprise Read-only Domain ControllersS-1-5-21-2741628602-1183230269-2439862772-498ferrari.localtomcat
Event Log ReadersS-1-5-32-573ferrari.local
ExecutivesS-1-5-21-2741628602-1183230269-2439862772-1214ferrari.locallocke.celine - ollie.ambur - sapphira.henriette
Group Policy Creator OwnersS-1-5-21-2741628602-1183230269-2439862772-520ferrari.localAdministrator
GuestsS-1-5-32-546ferrari.localDomain Guests
Hyper-V AdministratorsS-1-5-32-578ferrari.local
IIS_IUSRSS-1-5-32-568ferrari.local
Incoming Forest Trust BuildersS-1-5-32-557ferrari.local
IngegneriaS-1-5-21-2741628602-1183230269-2439862772-1111ferrari.local
IT AdminsS-1-5-21-2741628602-1183230269-2439862772-1104ferrari.localdanielle.cassie - darsie.lelah - eda.bernardina - georgianna.josefa - myrle.phedra
Key AdminsS-1-5-21-2741628602-1183230269-2439862772-526ferrari.localtomcat
marketingS-1-5-21-2741628602-1183230269-2439862772-1216ferrari.locallouisette.hendrika - ludovika.saree - mil.marjory - olive.les
Network Configuration OperatorsS-1-5-32-556ferrari.local
Office AdminS-1-5-21-2741628602-1183230269-2439862772-1213ferrari.localshirline.chris
Performance Log UsersS-1-5-32-559ferrari.localSenna
Performance Monitor UsersS-1-5-32-558ferrari.local
Pre-Windows 2000 Compatible AccessS-1-5-32-554ferrari.localCA01$
Print OperatorsS-1-5-32-550ferrari.localroberto
Project managementS-1-5-21-2741628602-1183230269-2439862772-1215ferrari.localaprilette.dode - dre.carlynn - leonhard.cristabel
Protected UsersS-1-5-21-2741628602-1183230269-2439862772-525ferrari.localkarine.barbe - roberto - test.test.test - yopi
RAS and IAS ServersS-1-5-21-2741628602-1183230269-2439862772-553ferrari.local
RDS Endpoint ServersS-1-5-32-576ferrari.local
RDS Management ServersS-1-5-32-577ferrari.local
RDS Remote Access ServersS-1-5-32-575ferrari.local
Read-only Domain ControllersS-1-5-21-2741628602-1183230269-2439862772-521ferrari.localtomcat
Remote Desktop UsersS-1-5-32-555ferrari.localroberto
Remote Management UsersS-1-5-32-580ferrari.localtomcat
ReplicatorS-1-5-32-552ferrari.local
SalesS-1-5-21-2741628602-1183230269-2439862772-1106ferrari.localamberly.cathi - auria.aurie - dacie.goldy - danielle.cassie - dyanne.beatriz - louisette.hendrika - netty.shoshanna - rheta.juli - sidonnie.nathalie
Schema AdminsS-1-5-21-2741628602-1183230269-2439862772-518ferrari.localAdministrator
Senior ManagementS-1-5-21-2741628602-1183230269-2439862772-1103ferrari.localauria.aurie - erinna.marilyn - karine.barbe - leanora.clemmy - ludovika.saree
Server OperatorsS-1-5-32-549ferrari.localtomcat
Storage Replica AdministratorsS-1-5-32-582ferrari.local
Tecnici InformaticiS-1-5-21-2741628602-1183230269-2439862772-1110ferrari.localtomcat
Terminal Server License ServersS-1-5-32-561ferrari.local
UsersS-1-5-32-545ferrari.localAdministrator - Domain Users
VenditeS-1-5-21-2741628602-1183230269-2439862772-1112ferrari.local
Windows Authorization Access GroupS-1-5-32-560ferrari.local
Access Control Assistance OperatorsS-1-5-32-579matrix.org
Account OperatorsS-1-5-32-548matrix.org
AdministratorsS-1-5-32-544matrix.orgAdministrator - Domain Admins - Enterprise Admins - TheOracle
Allowed RODC Password Replication GroupS-1-5-21-3340537012-3269848001-1634342091-571matrix.org
Backup OperatorsS-1-5-32-551matrix.org
Cert PublishersS-1-5-21-3340537012-3269848001-1634342091-517matrix.org
Certificate Service DCOM AccessS-1-5-32-574matrix.org
ChadsS-1-5-21-3340537012-3269848001-1634342091-1103matrix.orga.livingston - b.conrad - c.lynch - c.rojas - g.leach - g.stevenson - k.washington - l.frederick - s.green - s.rivera
Cloneable Domain ControllersS-1-5-21-3340537012-3269848001-1634342091-522matrix.org
Cryptographic OperatorsS-1-5-32-569matrix.org
DegensS-1-5-21-3340537012-3269848001-1634342091-1105matrix.orga.woodward - c.hardy - c.woods - d.trujillo - j.bond - j.estes - n.dodson - p.osborn - r.travis - w.valdez
Denied RODC Password Replication GroupS-1-5-21-3340537012-3269848001-1634342091-572matrix.orgAdministrator - Cert Publishers - Domain Admins - Domain Controllers - Enterprise Admins - Group Policy Creator Owners - Read-only Domain Controllers - Schema Admins - TheOracle
Distributed COM UsersS-1-5-32-562matrix.org
DnsAdminsS-1-5-21-3340537012-3269848001-1634342091-1101matrix.org
DnsUpdateProxyS-1-5-21-3340537012-3269848001-1634342091-1102matrix.org
Domain AdminsS-1-5-21-3340537012-3269848001-1634342091-512matrix.orgAdministrator - TheOracle
Domain ComputersS-1-5-21-3340537012-3269848001-1634342091-515matrix.org
Domain ControllersS-1-5-21-3340537012-3269848001-1634342091-516matrix.org
Domain GuestsS-1-5-21-3340537012-3269848001-1634342091-514matrix.org
Domain UsersS-1-5-21-3340537012-3269848001-1634342091-513matrix.org
Enterprise AdminsS-1-5-21-3340537012-3269848001-1634342091-519matrix.orgAdministrator
Enterprise Key AdminsS-1-5-21-3340537012-3269848001-1634342091-527matrix.org
Enterprise Read-only Domain ControllersS-1-5-21-3340537012-3269848001-1634342091-498matrix.org
Event Log ReadersS-1-5-32-573matrix.org
Group Policy Creator OwnersS-1-5-21-3340537012-3269848001-1634342091-520matrix.orgAdministrator
GuestsS-1-5-32-546matrix.orgDomain Guests
Hyper-V AdministratorsS-1-5-32-578matrix.org
IIS_IUSRSS-1-5-32-568matrix.org
Incoming Forest Trust BuildersS-1-5-32-557matrix.org
Key AdminsS-1-5-21-3340537012-3269848001-1634342091-526matrix.org
Matrix AdminsS-1-5-21-3340537012-3269848001-1634342091-1137matrix.orgMorpheus - Smith
Network Configuration OperatorsS-1-5-32-556matrix.org
NormiesS-1-5-21-3340537012-3269848001-1634342091-1104matrix.orgb.anderson - b.wang - e.sparks - h.hutchinson - h.rogers - i.mcdonald - m.clayton - n.harrington - r.choi - z.hall
Performance Log UsersS-1-5-32-559matrix.org
Performance Monitor UsersS-1-5-32-558matrix.org
Pre-Windows 2000 Compatible AccessS-1-5-32-554matrix.org
Print OperatorsS-1-5-32-550matrix.org
Protected UsersS-1-5-21-3340537012-3269848001-1634342091-525matrix.org
RAS and IAS ServersS-1-5-21-3340537012-3269848001-1634342091-553matrix.org
RDS Endpoint ServersS-1-5-32-576matrix.org
RDS Management ServersS-1-5-32-577matrix.org
RDS Remote Access ServersS-1-5-32-575matrix.org
Read-only Domain ControllersS-1-5-21-3340537012-3269848001-1634342091-521matrix.org
Remote Desktop UsersS-1-5-32-555matrix.org
Remote Management UsersS-1-5-32-580matrix.org
ReplicatorS-1-5-32-552matrix.org
Schema AdminsS-1-5-21-3340537012-3269848001-1634342091-518matrix.orgAdministrator
Server OperatorsS-1-5-32-549matrix.org
Storage Replica AdministratorsS-1-5-32-582matrix.org
Terminal Server License ServersS-1-5-32-561matrix.org
UsersS-1-5-32-545matrix.orgAdministrator - Domain Users
Windows Authorization Access GroupS-1-5-32-560matrix.org

All Domain GPOs

GPO NamePathOUs the policy applies toDomain
Computer – LAPS\\ferrari.local\SysVol\ferrari.local\Policies\{121C59AA-FBC4-4D8E-965B-32318725EBF8}AllComputersferrari.local
Default Domain Controllers Policy\\ferrari.local\sysvol\ferrari.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}Domain Controllersferrari.local
Default Domain Policy\\ferrari.local\sysvol\ferrari.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}ferrari.local
Enable PSRemoting Desktops\\ferrari.local\SysVol\ferrari.local\Policies\{A9152327-9334-47E9-A47F-2C8723D92C10}ferrari.local
LLMNR Disable\\ferrari.local\SysVol\ferrari.local\Policies\{2EC1473A-20FC-4F89-828C-28D8F93C1A8B}ferrari.local
Modify Local Group Memberships\\ferrari.local\SysVol\ferrari.local\Policies\{2581DE0E-C081-4FA4-A773-03728CE8A916}AllComputersferrari.local
Policies_Test_GPO\\ferrari.local\SysVol\ferrari.local\Policies\{D629DB27-AE94-4114-80D2-F562F1EF695D}Pol_OUferrari.local
Restricted_LM_GPO\\ferrari.local\SysVol\ferrari.local\Policies\{FAB9BB73-CDE7-4F5F-9AD2-CB203698CC4B}LM_Restrictedferrari.local
WinRM Firewall TCP 5985\\ferrari.local\SysVol\ferrari.local\Policies\{681CA2B0-3AC7-4402-A4E1-91F1DA4B8BD0}ferrari.local
Default Domain Controllers Policy\\matrix.org\sysvol\matrix.org\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}Domain Controllersmatrix.org
Default Domain Policy\\matrix.org\sysvol\matrix.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}matrix.org
Enable PS Remoting\\matrix.org\SysVol\matrix.org\Policies\{07C80CFB-7B3C-402F-AFC2-DAD53B258C31}matrix.org

All Domain OUs

NameDomainMembers
AllComputersferrari.localCA01$ - MSSQL01$ - SERVER2012$ - EVILCOMPUTER$ - ABUSECOMP$ - ABUSE2COMP$
DirettoriManagementferrari.local
Domain Controllersferrari.localDC01$
Engineeringferrari.local
Ingegneriaferrari.local
ITAdminsferrari.local
LM_Restrictedferrari.localWORKSTATION-01$ - WORKSTATION-02$
Pol_OUferrari.local
Printersferrari.local
Salesferrari.local
SeniorManagementferrari.local
TecniciInformaticiferrari.local
Venditeferrari.local
Chadsmatrix.orgk.washington - a.livingston - g.leach - s.rivera - l.frederick - g.stevenson - s.green - c.lynch - c.rojas - b.conrad
Degensmatrix.orgj.bond - j.estes - n.dodson - w.valdez - d.trujillo - c.woods - c.hardy - p.osborn - a.woodward - r.travis
Domain Controllersmatrix.orgNEO$
Normiesmatrix.orgz.hall - m.clayton - b.anderson - h.rogers - h.hutchinson - r.choi - e.sparks - n.harrington - i.mcdonald - b.wang

All Descriptions

Domain ObjectDomainDescription
Access Control Assistance Operatorsferrari.localMembers of this group can remotely query authorization attributes and permissions for resources on this computer.
Account Operatorsferrari.localMembers can administer domain user and group accounts
Administratorferrari.localBuilt-in account for administering the computer/domain
Administratorsferrari.localAdministrators have complete and unrestricted access to the computer/domain
Allowed RODC Password Replication Groupferrari.localMembers in this group can have their passwords replicated to all read-only domain controllers in the domain
aprilette.dodeferrari.localNew User ,DefaultPassword
Backup Operatorsferrari.localBackup Operators can override security restrictions for the sole purpose of backing up or restoring files
Cert Publishersferrari.localMembers of this group are permitted to publish certificates to the directory
Certificate Service DCOM Accessferrari.localMembers of this group are allowed to connect to Certification Authorities in the enterprise
Cloneable Domain Controllersferrari.localMembers of this group that are domain controllers may be cloned.
Cryptographic Operatorsferrari.localMembers are authorized to perform cryptographic operations.
Denied RODC Password Replication Groupferrari.localMembers in this group cannot have their passwords replicated to any read-only domain controllers in the domain
Distributed COM Usersferrari.localMembers are allowed to launch, activate and use Distributed COM objects on this machine.
DnsAdminsferrari.localDNS Administrators Group
DnsUpdateProxyferrari.localDNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
Domain Adminsferrari.localDesignated administrators of the domain
Domain Computersferrari.localAll workstations and servers joined to the domain
Domain Controllersferrari.localAll domain controllers in the domain
Domain Guestsferrari.localAll domain guests
Domain Usersferrari.localAll domain users
dyanne.beatrizferrari.localReplication Account
Enterprise Adminsferrari.localDesignated administrators of the enterprise
Enterprise Key Adminsferrari.localMembers of this group can perform administrative actions on key objects within the forest.
Enterprise Read-only Domain Controllersferrari.localMembers of this group are Read-Only Domain Controllers in the enterprise
Event Log Readersferrari.localMembers of this group can read event logs from local machine
faye.olivetteferrari.localShared User
Group Policy Creator Ownersferrari.localMembers in this group can modify group policy for the domain
Guestsferrari.localGuests have the same access as members of the Users group by default, except for the Guest account which is further restricted
hermione.sandyferrari.localShared User
Hyper-V Administratorsferrari.localMembers of this group have complete and unrestricted access to all features of Hyper-V.
IIS_IUSRSferrari.localBuilt-in group used by Internet Information Services.
Incoming Forest Trust Buildersferrari.localMembers of this group can create incoming, one-way trusts to this forest
Key Adminsferrari.localMembers of this group can perform administrative actions on key objects within the domain.
leonhard.cristabelferrari.localReplication Account
Network Configuration Operatorsferrari.localMembers in this group can have some administrative privileges to manage configuration of networking features
Performance Log Usersferrari.localMembers of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
Performance Monitor Usersferrari.localMembers of this group can access performance counter data locally and remotely
peria.silvieferrari.localShared User
Pre-Windows 2000 Compatible Accessferrari.localA backward compatibility group which allows read access on all users and groups in the domain
Print Operatorsferrari.localMembers can administer printers installed on domain controllers
Protected Usersferrari.localMembers of this group are afforded additional protections against authentication security threats. See http://go.microsoft.com/fwlink/?LinkId=298939 for more information.
RAS and IAS Serversferrari.localServers in this group can access remote access properties of users
RDS Endpoint Serversferrari.localServers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group.
RDS Management Serversferrari.localServers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group.
RDS Remote Access Serversferrari.localServers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group.
Read-only Domain Controllersferrari.localMembers of this group are Read-Only Domain Controllers in the domain
Remote Desktop Usersferrari.localMembers in this group are granted the right to logon remotely
Remote Management Usersferrari.localMembers of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.
Replicatorferrari.localSupports file replication in a domain
Schema Adminsferrari.localDesignated administrators of the schema
Server Operatorsferrari.localMembers can administer domain servers
Storage Replica Administratorsferrari.localMembers of this group have complete and unrestricted access to all features of Storage Replica.
Terminal Server License Serversferrari.localMembers of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage
tomcatferrari.localMy password is P@ssw0rd!
Usersferrari.localUsers are prevented from making accidental or intentional system-wide changes and can run most applications
Windows Authorization Access Groupferrari.localMembers of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
Access Control Assistance Operatorsmatrix.orgMembers of this group can remotely query authorization attributes and permissions for resources on this computer.
Account Operatorsmatrix.orgMembers can administer domain user and group accounts
Administratormatrix.orgBuilt-in account for administering the computer/domain
Administratorsmatrix.orgAdministrators have complete and unrestricted access to the computer/domain
Allowed RODC Password Replication Groupmatrix.orgMembers in this group can have their passwords replicated to all read-only domain controllers in the domain
Backup Operatorsmatrix.orgBackup Operators can override security restrictions for the sole purpose of backing up or restoring files
Cert Publishersmatrix.orgMembers of this group are permitted to publish certificates to the directory
Certificate Service DCOM Accessmatrix.orgMembers of this group are allowed to connect to Certification Authorities in the enterprise
Cloneable Domain Controllersmatrix.orgMembers of this group that are domain controllers may be cloned.
Cryptographic Operatorsmatrix.orgMembers are authorized to perform cryptographic operations.
Denied RODC Password Replication Groupmatrix.orgMembers in this group cannot have their passwords replicated to any read-only domain controllers in the domain
Distributed COM Usersmatrix.orgMembers are allowed to launch, activate and use Distributed COM objects on this machine.
DnsAdminsmatrix.orgDNS Administrators Group
DnsUpdateProxymatrix.orgDNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
Domain Adminsmatrix.orgDesignated administrators of the domain
Domain Computersmatrix.orgAll workstations and servers joined to the domain
Domain Controllersmatrix.orgAll domain controllers in the domain
Domain Guestsmatrix.orgAll domain guests
Domain Usersmatrix.orgAll domain users
Enterprise Adminsmatrix.orgDesignated administrators of the enterprise
Enterprise Key Adminsmatrix.orgMembers of this group can perform administrative actions on key objects within the forest.
Enterprise Read-only Domain Controllersmatrix.orgMembers of this group are Read-Only Domain Controllers in the enterprise
Event Log Readersmatrix.orgMembers of this group can read event logs from local machine
Group Policy Creator Ownersmatrix.orgMembers in this group can modify group policy for the domain
Guestsmatrix.orgGuests have the same access as members of the Users group by default, except for the Guest account which is further restricted
Hyper-V Administratorsmatrix.orgMembers of this group have complete and unrestricted access to all features of Hyper-V.
IIS_IUSRSmatrix.orgBuilt-in group used by Internet Information Services.
Incoming Forest Trust Buildersmatrix.orgMembers of this group can create incoming, one-way trusts to this forest
Key Adminsmatrix.orgMembers of this group can perform administrative actions on key objects within the domain.
Network Configuration Operatorsmatrix.orgMembers in this group can have some administrative privileges to manage configuration of networking features
Performance Log Usersmatrix.orgMembers of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
Performance Monitor Usersmatrix.orgMembers of this group can access performance counter data locally and remotely
Pre-Windows 2000 Compatible Accessmatrix.orgA backward compatibility group which allows read access on all users and groups in the domain
Print Operatorsmatrix.orgMembers can administer printers installed on domain controllers
Protected Usersmatrix.orgMembers of this group are afforded additional protections against authentication security threats. See http://go.microsoft.com/fwlink/?LinkId=298939 for more information.
RAS and IAS Serversmatrix.orgServers in this group can access remote access properties of users
RDS Endpoint Serversmatrix.orgServers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group.
RDS Management Serversmatrix.orgServers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group.
RDS Remote Access Serversmatrix.orgServers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group.
Read-only Domain Controllersmatrix.orgMembers of this group are Read-Only Domain Controllers in the domain
Remote Desktop Usersmatrix.orgMembers in this group are granted the right to logon remotely
Remote Management Usersmatrix.orgMembers of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.
Replicatormatrix.orgSupports file replication in a domain
Schema Adminsmatrix.orgDesignated administrators of the schema
Server Operatorsmatrix.orgMembers can administer domain servers
Storage Replica Administratorsmatrix.orgMembers of this group have complete and unrestricted access to all features of Storage Replica.
Terminal Server License Serversmatrix.orgMembers of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage
Usersmatrix.orgUsers are prevented from making accidental or intentional system-wide changes and can run most applications
Windows Authorization Access Groupmatrix.orgMembers of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects