Belongs To GPO


The Source GPO file or folder in the SYSVOL share belongs to the target GPC (GPO), which means that it defines the settings or programs/scripts that the GPO applies.


This is not an attack relation that an attacker would use in isolation. However, as an example, it can show complete attack paths where attackers who have control over a GPO file/folder belonging to a GPO can force arbitrary settings or launch scripts on the users/computers at the end of the attack path.


This relation shows how GPO files and folders found in SYSVOL are related to the corresponding GPC (GPO) object. This is normal and by design.

Therefore, there is no need for remediation.

See also