Invoke-EnumerateLocalAdmin
Enumerates members of the local Administrators groups across all machines in the domain.Get-NetLocalGroup -ComputerName MX01 -GroupName "Remote Management Users"
Gets members of users who can use WinRM on a specific machine.Get-NetLocalGroup -ComputerName MX01 -GroupName "Remote Desktop Users"
Gets members of users who can RDP to a specific machine.Get-NetGPOGroup -ResolveMemberSIDs
Gets all GPOs in a domain that set "Restricted Groups" on on target machines, and resolve the SIDs of the member groups or users.Find-GPOLocation -UserName testuser -LocalGroup RDP
Takes a speicifc user or group and checks where the user has access to through GPO enumeration. Here we can see what boxes testuser can RDP into.