BloodHoundAD / SharpHound

C# Data Collector for BloodHound
GNU General Public License v3.0

IsAdmin from group policy preferences does not account for Item Level Targeting #37

Open kitchung opened 1 year ago

kitchung commented 1 year ago

SharpHound does not account for Item Level Targeting when collecting local group membership from GPOs linked to OUs.

A Group Policy Preference in a GPO can add groups or users to the local Administrators group only if the host has a matching NETBIOS name or is a member of an AD group.

I know it will be impossible for SharpHound to account for some item level targeting options such as WMI, but I believe ones that are likely used for managing local groups can, such as hostname, OU and security group membership.

Item level targeting details: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v=ws.11)
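The kind of check the issue asks for can be prototyped outside SharpHound: parse a GPP `Groups.xml`, look at the `<Filters>` block of each entry that adds members to the built-in Administrators group, and decide for a given computer whether the entry applies. The script below is an added example written for this issue, not SharpHound's own code. The `Groups.xml` content, the domain name, the group names and the SIDs are all constructed. It evaluates the three filter types named above (computer name, security group, OU) and reports any entry whose targeting depends on a filter it cannot decide from directory data (such as WMI) as undetermined rather than silently treating it as applying. Filters are combined left to right with the `bool`/`not` attributes; nested ILT collections are not modelled, which is a simplification of the real evaluation.

```python
"""Evaluate GPP item-level targeting (ILT) for local-Administrators additions.

Added example for the SharpHound issue discussion; not SharpHound code.
Only FilterComputer, FilterGroup and FilterOrgUnit are decidable here;
anything else (FilterWmi, FilterLdap, ...) yields "undetermined".
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from fnmatch import fnmatchcase

BUILTIN_ADMINS_SID = "S-1-5-32-544"

# Constructed sample Groups.xml (GPP "Local Users and Groups"); names and SIDs are made up.
SAMPLE_GROUPS_XML = r"""<Groups>
  <Group name="Administrators (built-in)">
    <Properties action="U" groupSid="S-1-5-32-544" groupName="Administrators (built-in)">
      <Members><Member name="CORP\SQL-Admins" action="ADD" sid="S-1-5-21-1111-2222-3333-1105"/></Members>
    </Properties>
    <Filters>
      <FilterGroup bool="AND" not="0" name="CORP\SQL-Servers" sid="S-1-5-21-1111-2222-3333-1201" userContext="0"/>
      <FilterComputer bool="OR" not="0" type="NETBIOS" name="SQL0?"/>
    </Filters>
  </Group>
  <Group name="Administrators (built-in)">
    <Properties action="U" groupSid="S-1-5-32-544" groupName="Administrators (built-in)">
      <Members><Member name="CORP\Helpdesk" action="ADD" sid="S-1-5-21-1111-2222-3333-1106"/></Members>
    </Properties>
    <Filters>
      <FilterOrgUnit bool="AND" not="0" name="OU=Workstations,DC=corp,DC=local" directMember="0"/>
    </Filters>
  </Group>
  <Group name="Administrators (built-in)">
    <Properties action="U" groupSid="S-1-5-32-544" groupName="Administrators (built-in)">
      <Members><Member name="CORP\Lab-Admins" action="ADD" sid="S-1-5-21-1111-2222-3333-1107"/></Members>
    </Properties>
    <Filters>
      <FilterWmi bool="AND" not="0" query="SELECT * FROM Win32_ComputerSystem WHERE Model LIKE '%Virtual%'"/>
    </Filters>
  </Group>
</Groups>
"""


@dataclass(frozen=True)
class HostContext:
    """What we know about one computer from the directory (hypothetical shape)."""
    netbios_name: str
    dns_name: str
    group_sids: frozenset   # SIDs of AD groups the computer account belongs to (incl. nested)
    ou_dn: str              # distinguished name of the OU containing the computer object


def _filter_match(flt, host):
    """True/False when the filter is decidable from directory data, None otherwise."""
    if flt.tag == "FilterComputer":
        use_dns = flt.get("type", "NETBIOS").upper() == "DNS"
        target = host.dns_name if use_dns else host.netbios_name
        # GPP computer-name targeting accepts * and ? wildcards; compare case-insensitively.
        return fnmatchcase(target.lower(), flt.get("name", "").lower())
    if flt.tag == "FilterGroup":
        if flt.get("userContext", "0") == "1":
            return None  # evaluated against the logged-on user, not the computer
        return flt.get("sid") in host.group_sids
    if flt.tag == "FilterOrgUnit":
        ou, host_ou = flt.get("name", "").lower(), host.ou_dn.lower()
        if flt.get("directMember", "0") == "1":
            return host_ou == ou
        return host_ou == ou or host_ou.endswith("," + ou)
    return None  # WMI, LDAP, registry, etc.: not decidable offline


def _and3(a, b):
    if a is False or b is False:
        return False
    return None if a is None or b is None else True


def _or3(a, b):
    if a is True or b is True:
        return True
    return None if a is None or b is None else False


def evaluate_filters(filters_el, host):
    """Combine filters left to right; no <Filters> means the entry applies everywhere."""
    if filters_el is None or len(filters_el) == 0:
        return True
    result = None
    for i, flt in enumerate(filters_el):
        match = _filter_match(flt, host)
        if match is not None and flt.get("not", "0") == "1":
            match = not match
        if i == 0:
            result = match
        elif flt.get("bool", "AND").upper() == "OR":
            result = _or3(result, match)
        else:
            result = _and3(result, match)
    return result


def local_admin_additions(xml_text, host):
    """Return (applies, undetermined): member names this Groups.xml adds to local
    Administrators on `host`, and those whose targeting could not be decided."""
    applies, undetermined = [], []
    for group in ET.fromstring(xml_text).findall("Group"):
        props = group.find("Properties")
        if props is None or props.get("groupSid") != BUILTIN_ADMINS_SID:
            continue
        members = [m.get("name") for m in props.findall("Members/Member")
                   if m.get("action", "ADD").upper() == "ADD"]
        if not members:
            continue
        verdict = evaluate_filters(group.find("Filters"), host)
        if verdict is True:
            applies.extend(members)
        elif verdict is None:
            undetermined.extend(members)
    return applies, undetermined


if __name__ == "__main__":
    ws = HostContext("WS-042", "ws-042.corp.local", frozenset(), "OU=Workstations,DC=corp,DC=local")
    sql = HostContext("SQL02", "sql02.corp.local", frozenset(), "OU=SQL,OU=Servers,DC=corp,DC=local")
    for h in (ws, sql):
        print(h.netbios_name, local_admin_additions(SAMPLE_GROUPS_XML, h))
```

Treating an undecidable filter as a third state matters for the issue at hand: collapsing it to "applies" keeps today's over-reporting, while collapsing it to "does not apply" would hide real AdminTo edges, so a collector should surface it separately.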

JonasBK commented 1 year ago

Hi @kitchung,

Thanks for pointing this out. I agree, it would be a very cool enhancement! We would definitely approve it if anyone made a pull request for this. If that does not happen, we should look into this someday.