My compagny use Group Policy Admin (https://www.microfocus.com/en-us/products/netiq-group-policy-administrator/overview) to manage GPO.
When collecting GPO, versionned GPO managed by GPA are collected, leading the the collect of 4 Default Domain Policy and wrong/false positive attack paths.
The main différence between a versionned GPO and an GPO is the presence of the Flags attributes in the Group Policy Object.
The patch just add a check for the flags attribute existence in LDAP queries to ignore versionned GPO.
My compagny use Group Policy Admin (https://www.microfocus.com/en-us/products/netiq-group-policy-administrator/overview) to manage GPO. When collecting GPO, versionned GPO managed by GPA are collected, leading the the collect of 4 Default Domain Policy and wrong/false positive attack paths. The main différence between a versionned GPO and an GPO is the presence of the Flags attributes in the Group Policy Object. The patch just add a check for the flags attribute existence in LDAP queries to ignore versionned GPO.