Lateral Movement with Group Policy Object (GPO)

Description

Creates a Group Policy Object to run an ImmediateTask on the target system.

Overview

This PowerShell script automates the deployment of a Group Policy Object (GPO) that runs a specified command as a scheduled task across a domain. It begins by establishing a session with the target domain using either impersonation or provided credentials. Once authenticated, the script generates a payload command using a specified build, then creates a new GPO named according to the provided policy name.

It adds an immediate scheduled task to the GPO with extensive customization options, including task name, description, execution path, arguments, author, run-as user, visibility, wake-to-run behavior, multiple instance handling, and priority level. The task can also be filtered to specific computers using the ComputerFilter parameter.

Finally, the script links the GPO to the root of the domain, so that the task is applied domain-wide, narrowed only by ComputerFilter when one is given.

Parameters

Name                     Type    Description
----                     ----    -----------
Username                 string  The username for authentication.
Password                 string  The password for authentication.
Domain                   any     The domain to connect to.
DomainController         any     The domain controller to connect to.
PolicyName               any     The name of the GPO to create.
ComputerFilter           string  Optional filter to limit the computers the task applies to.
Build                    string  The payload build to deploy to the target.
TaskName                 string  The name of the task to create or modify.
TaskDescription          string  Optional description for the task.
Author                   string  The author of the scheduled task.
GUID                     string  The unique identifier (GUID) for the task.
RunAsUser                string  The user account under which the task should run.
Hidden                   bool    Indicates whether the task should be hidden.
WakeToRun                bool    Indicates whether the task should wake the computer to run.
MultipleInstancesPolicy  string  Specifies the behavior when multiple instances of the task are triggered.
Priority                 string  Specifies the priority level for the scheduled task.
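From the defender's side, the parameters above end up in a Group Policy Preferences file, ScheduledTasks.xml, stored under the GPO's folder in SYSVOL, which makes that file a natural place to hunt for immediate tasks. The following is an added example, not part of this script or its project: it parses a constructed ScheduledTasks.xml in the GPP scheduled-task layout and extracts the ImmediateTaskV2 entries for triage.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Group Policy Preferences ScheduledTasks.xml, in the shape
# written to SYSVOL\<domain>\Policies\{GPO-GUID}\Machine\Preferences\ScheduledTasks\
# when an immediate task is added to a GPO. All names and values are made up.
SAMPLE_XML = """<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">
  <ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="Update"
      uid="{11111111-2222-3333-4444-555555555555}" changed="2024-01-01 10:00:00">
    <Properties action="C" name="Update" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.3">
        <RegistrationInfo><Author>CORP\\jdoe</Author><Description/></RegistrationInfo>
        <Settings><Hidden>true</Hidden><WakeToRun>false</WakeToRun>
          <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><Priority>7</Priority>
        </Settings>
        <Actions Context="Author"><Exec><Command>C:\\Windows\\System32\\cmd.exe</Command>
          <Arguments>/c PLACEHOLDER_PAYLOAD</Arguments></Exec></Actions>
      </Task>
    </Properties>
  </ImmediateTaskV2>
</ScheduledTasks>"""

def find_immediate_tasks(xml_text):
    """Return one dict per ImmediateTaskV2 entry with the fields worth triaging."""
    findings = []
    for task in ET.fromstring(xml_text).iter("ImmediateTaskV2"):
        props = task.find("Properties")
        tdef = props.find("Task") if props is not None else None

        def text(path):  # text of a descendant of <Task>, or "" if absent
            return (tdef.findtext(path) or "").strip() if tdef is not None else ""

        findings.append({
            "name": task.get("name", ""),
            "uid": task.get("uid", ""),          # the GPP item GUID
            "changed": task.get("changed", ""),
            "run_as": props.get("runAs", "") if props is not None else "",
            "author": text("RegistrationInfo/Author"),
            "hidden": text("Settings/Hidden").lower() == "true",
            "command": f'{text("Actions/Exec/Command")} {text("Actions/Exec/Arguments")}'.strip(),
        })
    return findings

def is_suspicious(finding):
    """Crude triage rule: immediate tasks are rare in legitimate GPOs, and one that
    runs as SYSTEM, is hidden, or launches a command interpreter deserves review."""
    cmd = finding["command"].lower()
    return (finding["run_as"].lower().endswith("system") or finding["hidden"]
            or any(t in cmd for t in ("cmd.exe", "powershell", "rundll32", "mshta")))
```

Run it over every ScheduledTasks.xml under the Policies share and correlate the `changed` timestamp and `author` with GPO creation and modification events on the domain controllers.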