Member Of

Description

The Source security principal is a member of the Target group. Therefore, it benefits from all the access rights that the group holds, such as accessing file shares, assuming roles in business applications, etc.

Exploitation

Attackers do not have to do anything to exploit this attack relation. They only need to authenticate as the Source security principal, and the Target group is then included in their local or remote security token, or Kerberos ticket.

Remediation

If the Source security principal is an illegitimate member of the Target group, then you must remove it.

You can use any standard Active Directory administration tool, such as "Active Directory Users and Computers", or a PowerShell cmdlet such as Remove-ADGroupMember.
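
The following is an added example, not part of the original page: it checks whether the Source is a direct or nested member of the Target before removal, because Remove-ADGroupMember only removes direct members. The two names are placeholders (assumptions), and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
Import-Module ActiveDirectory

# Placeholders (assumptions): replace with the Source and Target from the finding.
$Source = 'SOURCE-SAMACCOUNTNAME'
$Target = 'TARGET-GROUP-NAME'

# Escape a DN for use as a value inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

$src = Get-ADObject -Filter "sAMAccountName -eq '$Source'" -Properties memberOf
if (-not $src) { throw "Source principal '$Source' not found." }
$tgt = Get-ADGroup -Identity $Target

$srcDn = ConvertTo-LdapFilterValue $src.DistinguishedName
$tgtDn = ConvertTo-LdapFilterValue $tgt.DistinguishedName
$inChain = "memberOf:1.2.840.113556.1.4.1941:=$tgtDn"   # LDAP_MATCHING_RULE_IN_CHAIN

# Direct membership: Target appears in the Source's memberOf attribute.
$direct = $src.memberOf -contains $tgt.DistinguishedName

# Effective membership: direct or through any depth of group nesting.
$effective = [bool](Get-ADObject -SearchBase $src.DistinguishedName -SearchScope Base -LDAPFilter "($inChain)")

# Groups that contain Source directly and are themselves nested in Target.
$via = Get-ADGroup -LDAPFilter "(&(member=$srcDn)($inChain))"

[pscustomobject]@{
    Source          = $src.DistinguishedName
    Target          = $tgt.DistinguishedName
    DirectMember    = $direct
    EffectiveMember = $effective
    NestedVia       = $via.Name -join ', '
}

if ($direct) {
    # Preview only; drop -WhatIf once the removal has been approved.
    Remove-ADGroupMember -Identity $tgt -Members $src.DistinguishedName -WhatIf
} elseif ($effective) {
    Write-Warning "Membership is indirect; remove Source from (or un-nest): $($via.Name -join ', ')"
}
```

Neither check covers primary-group membership (primaryGroupID), which is not stored in memberOf. Security tokens and Kerberos tickets issued before the removal keep the Target group until the principal authenticates again.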
