# PowerView

[PowerView](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon) is a great domain enumeration tool and part of the PowerSploit collection. Almost every function is available in Empire too. Although each function is pretty self-explanatory and you should explore it yourself, I'll provide some hints here. I can also highly recommend reading the source code of these kinds of PowerShell-based hacking tools, because there are usually tons of tips and examples bundled with them.

Harmj0y has tips and tricks on his GitHub too: <https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993>

## User functions

`Invoke-EnumerateLocalAdmin` Enumerates members of the local Administrators groups across all machines in the domain.

## Group functions

`Get-NetLocalGroup -ComputerName MX01 -GroupName "Remote Management Users"` Gets the group members, i.e. the users who can use WinRM on a specific machine.

`Get-NetLocalGroup -ComputerName MX01 -GroupName "Remote Desktop Users"` Gets the group members, i.e. the users who can RDP to a specific machine.

## GPO functions

`Get-NetGPOGroup -ResolveMemberSIDs` Gets all GPOs in a domain that set "Restricted Groups" on target machines, and resolves the SIDs of the member groups or users.

`Find-GPOLocation -UserName testuser -LocalGroup RDP` Takes a specific user or group and checks, through GPO enumeration, where that user or group has access. Here we can see which boxes testuser can RDP into.
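
On the defensive side, the functions listed above show up in PowerShell script block logging (event ID 4104) when it is enabled. The following is an added example, not part of PowerView or the original page: it scans exported script block records for those function names and separates a module load (function definition) from an actual invocation. The record keys `host`, `user` and `script`, and the sample values `WS07`, `WS09` and `CORP`, are assumptions made for the example.

```python
import re

# Function names taken from this page; extend the tuple for other PowerView functions.
POWERVIEW_FUNCS = ("Invoke-EnumerateLocalAdmin", "Get-NetLocalGroup",
                   "Get-NetGPOGroup", "Find-GPOLocation")
_CANON = {f.lower(): f for f in POWERVIEW_FUNCS}
# Match a name only as a whole command token, not inside a longer identifier.
_NAME = re.compile(r"(?<![\w-])(?:" + "|".join(map(re.escape, POWERVIEW_FUNCS))
                   + r")(?![\w-])", re.IGNORECASE)
_DEFN = re.compile(r"\b(?:function|filter)\s+$", re.IGNORECASE)
_PARAM = re.compile(r"""(?<!\S)-(\w+)(?:\s+("[^"]*"|'[^']*'|[^\s-]\S*))?""")

def find_powerview_use(events):
    """Scan script block records; keys 'host', 'user', 'script' are assumed names."""
    hits = []
    for ev in events:
        text = ev["script"]
        for m in _NAME.finditer(text):
            # "function <name> {" means the module was loaded, not that it ran.
            is_def = bool(_DEFN.search(text[:m.start()]))
            # Parameters run to the end of the statement (pipe, semicolon, newline).
            tail = re.split(r"[|;\n]", text[m.end():], maxsplit=1)[0]
            params = {} if is_def else {
                k.lower(): v.strip("\"'") for k, v in _PARAM.findall(tail)}
            hits.append({"host": ev["host"], "user": ev["user"],
                         "function": _CANON[m.group(0).lower()],
                         "kind": "definition" if is_def else "invocation",
                         "params": params})
    return hits

# Constructed sample records (not real log data); MX01 and testuser come from the page.
SAMPLE_EVENTS = [
    {"host": "WS07", "user": "CORP\\testuser",
     "script": "function Get-NetLocalGroup {\n    param($ComputerName)\n}"},
    {"host": "WS07", "user": "CORP\\testuser",
     "script": 'get-netlocalgroup -ComputerName MX01 -GroupName "Remote Desktop Users"'},
    {"host": "WS07", "user": "CORP\\testuser",
     "script": "Find-GPOLocation -UserName testuser -LocalGroup RDP | Format-Table"},
    {"host": "WS09", "user": "CORP\\admin", "script": "Get-ChildItem C:\\Temp"},
]

if __name__ == "__main__":
    for hit in find_powerview_use(SAMPLE_EVENTS):
        print(hit)
```
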


