detection

The rationality of the GPO to perform

high

Language:

describe

CSEs is a process in GPO applied commonly in field at very high privilege on a computer executive components.So we must make sureGPO contained in each Client - Side Extension (CSE) is reasonable, and after a trusted party certification.

It is also important,Before applying any content, ensure all the computer retrieval GPO file from the safety position.

The solution

Unknown CSEs is considered a risk should be deleted, or in the case of risk acceptance will be included in the white list.GpcFileSysPath properties should be pointing to the safe place, such as SYSVOL share share.

See also

The Microsoft Open Specification on the Client Side - the Extension

Additional explanations about GPOs and their dangers

MS15-011 bulletin regarding "UNC Hardened Access"

The Microsoft Open Specification on Group Policy Object

Detailed information

The name of the:The rationality of the GPO to perform

Code name:C - GPO - EXEC - SANITY

severity:High

MITRE ATT&CK information:

Strategy:TA0003,TA0008

Baidu
map