- The New Technology File System (NTFS) stands out for its robust and comprehensive security features, particularly its use of Access Control Lists (ACLs). Unlike other file systems that primarily embed ACLs within files and directories, NTFS extends this granular level of control to a wide array of objects within the Windows operating system. This includes not just files and folders but also user objects, group objects, organizational units (OUs), Group Policy Objects (GPOs), Services, Applications, and more.
- In this lab, we'll look at how ACLs are used to secure objects within the NTFS filesystem.
Let's start Fresh!
- Delete your current machines and restore the Domain from the backup you made in Lab 1
Log into your Domain Controller and open ‘Active Directory Users and Computers.’
In this lab, we are going to do the following:
- Create a series of Users and Groups with their ACLs intentionally misconfigured so that a low-level user can laterally move from one user or group to another.
- We'll look at tools on Kali Linux that will allow us to identify these misconfigurations from the perspective of an authenticated user.
- We'll utilize PowerSploit, an Active Directory penetration testing toolset, to enumerate and exploit our misconfigured environment.
We will start by creating three groups within our Domain.
- Right-click Users at the domain level and select New —> Group.
Call it T1_Group
Do this two more times
- Create
T2_Group
- Create
T3_Group
You should have three groups created:
