Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ccob/dgpoedit

Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines
https://github.com/ccob/dgpoedit

bypass gpo hook inject

Last synced: 4 days ago
JSON representation

Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines

Host: GitHub
URL: https://github.com/ccob/dgpoedit
Owner: CCob
License: apache-2.0
Created: 2024-09-04T16:35:02.000Z (2 months ago)
Default Branch: master
Last Pushed: 2024-09-04T17:14:07.000Z (2 months ago)
Last Synced: 2024-09-12T19:50:39.013Z (2 months ago)
Topics: bypass, gpo, hook, inject
Language: C#
Homepage:
Size: 15.6 KB
Stars: 28
Watchers: 1
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.txt

Awesome Lists containing this project

README

# Disconnected GPO Editor

## Introduction

Disconnected GPO Editor is a launcher for the official Group Policy Manager to bypass the domain joined requirement that is needed when using the official MMC snap-in.

The tool works by injecting a C# library into MMC that will hook the `GetUserNameExW` API calls to trick GPM into believing that the logged on user is a domain user. Hooks are also placed on the `NtCreateFile` API to redirect file paths that would typically be resolved via DFS to a specific domain controller instead.

## Prerequisites

Since DGPOEdit relies on the gpmc.msc and gpme.msc snap-ins, you'll first need to install the Windows Remote Server Administration Tools (RSAT) on the non domain joined host you'll be operating from.

## Usage

mmc.exe is marked for auto elevation, therefore launching of `DGPOEdit.exe` should be performed from an elevated command prompt that has either got a relevant TGT with correct permissions imported into the same luid session or alternatively the session has been created using `runas /netonly`. This will ensure that the relevant Kerberos tickets will be fetched automatically or NTLM credentials are used for outbound network connections when `runas /netonly` has been used.

### Launching Group Policy Manager

To launch GPM to target a specific Active Directory domain, simply supply the DNS domain name of the target.

```
DGPOEdit ad.target.com
```

### Launching Group Policy Editor

You can also use DGPOEdit to edit a specific GPO without first using the manager snap-in.

```
DGPOEdit /s /gpobject:"LDAP://dc.ad.target.com/cn={31B2F340-016D-11D2-945F-00C04FB984F9},cn=policies,cn=system,DC=ad,DC=target,DC=com"
```
The LDAP path to the target GPO can be determined via your favorite LDAP explorer tool like ADExploer.

### Release

Precompiled binaries can be found on the [Releases](https://github.com/CCob/DGPOEdit/releases) page