# ACL Enum

## ACL Enum

Access Control List

**#Get the ACLs associated with the specified object** Get-ObjectAcl -SamAccountName student1 –ResolveGUIDs

**#GenericWrite for all users > under advanced > Write all properties** Get-ObjectAcl -SamAccountName \* –ResolveGUIDs | ? { ($*.ActiveDirectoryRights -match 'GenericWrite') -and ($*.SecurityIdentifier -match 'S-1-5-21-1070240333-336889418-1185445934-1603') }

\#**Get ACLS with Invoke Scanner(scans the domain for all interesting abusable permissions)**

Invoke-ACLScanner -ResolveGUIDs

**Refrerence :-** <https://medium.com/r3d-buck3t/enumerating-access-controls-in-active-directory-c06e2efa8b89>