DACLPrevention_config.json
{
"rules": [
{
"users": ["OREZ\\DC01$", "NT AUTHORITY\\SYSTEM"],
"action": "allow",
"audit": "off"
},
{
"operations": ["search"],
"attributes": ["admincount", "userpassword", "msds-allowedToDelegateTo", "ms-Mcs-AdmPwd", "servicePrincipalName"],
"scope": "subtree",
"action": "block"
},
{
"operations": ["search"],
"filter": "(samAccountType=805306368)",
"scope": "subtree",
"action": "block"
},
{
"operations": ["modify"],
"attributes": ["msDS-AllowedToActOnBehalfOfOtherIdentity", "servicePrincipalName", "msDS-AllowedToDelegateTo", "msDS-KeyCredentialLink", "scriptPath", "msTSInitialProgram", "gPCUserExtensionNames", "gPCMachineExtensionNames", "ntSecurityDescriptor", "ms-Mcs-AdmPwdExpirationTime", "msDS-GroupMSAMembership", "altSecurityIdentities", "msDS-AdditionalDnsHostName", "mSMQSignCertificates", "mSMQDigests", "sAMAccountName", "description", "displayName", "userAccountControl", "dNSHostName", "userParameters", "msDS-SupportedEncryptionTypes", "msDS-RevealOnDemandGroup", "gPCFileSysPath", "cACertificate", "primaryGroupID", "operatingSystem", "operatingSystemVersion", "EntryTTL", "userPrincipalName", "userCertificate"],
"action": "block"
},
{
"operations": ["search"],
"audit": "off"
},
{
"action": "allow",
"audit": "on",
}
]
}