sids.add(user.get("objectSid"))
# Everyone, Authenticated Users, Users
sids |= set(["S-1-1-0", "S-1-5-11", "S-1-5-32-545"])
# Domain Users, Domain Computers, etc.
primary_group_id = user.get("primaryGroupID")
if primary_group_id is not None:
sids.add("%s-%d" % (self.domain_sid, primary_group_id))
# Add Domain Computers group
logging.debug(
"Adding Domain Computers to list of current user's SIDs"
)
sids.add("%s-515" % self.domain_sid)
When Certipy uses a user account, it adds Domain Computers to list of current user's SIDs. But when a machine account is used, Domain Users group is not added to the list of current user's SIDs. It may confuse someone, especially when Certipy is used by system administrators to protect their systems.
https://github.com/ly4k/Certipy/blob/2780d5361121dd4ec79da3f64cfb1984c4f779c6/certipy/lib/ldap.py
When Certipy uses a user account, it adds Domain Computers to list of current user's SIDs. But when a machine account is used, Domain Users group is not added to the list of current user's SIDs. It may confuse someone, especially when Certipy is used by system administrators to protect their systems.