
MarshMadness
Apr 14, 2021

Local Group Enumeration in MDE?

Wondering if it is possible to enumerate local group membership (Administrators, Remote Desktop Admins etc.) via Defender for Endpoint.  If not directly, perhaps there is a way via Advanced Hunting?

I did a quick look but did not find anything obvious.

Thanks in advance,

Kevin

  • Hi Kevin, unfortunately MDE does not currently have the capacity to do this. One option could be to write a custom PowerShell script that works with Live Response.
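
The custom-script route suggested in the reply above could look like the following for auditing local group membership on one endpoint. This is an added example, not part of the original thread and not Microsoft's code. Assumptions: the file name `Get-LocalGroupAudit.ps1`, the two groups audited (chosen by well-known SID) and the CSV output format.

```powershell
# Get-LocalGroupAudit.ps1 (hypothetical name) - added example, not from the thread.
# Lists members of selected built-in local groups for a membership audit.
# Groups are addressed by well-known SID so localized group names do not matter.
$GroupSids = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-32-555'    # BUILTIN\Remote Desktop Users
)

$results = foreach ($sid in $GroupSids) {
    $group = Get-LocalGroup -SID $sid -ErrorAction SilentlyContinue
    if (-not $group) { continue }          # group not present on this host

    try {
        # Preferred path: LocalAccounts module (Windows PowerShell 5.1+)
        $members = Get-LocalGroupMember -SID $sid -ErrorAction Stop
        foreach ($m in $members) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Group    = $group.Name
                Member   = $m.Name
                SID      = $m.SID.Value
                Class    = $m.ObjectClass
                Source   = $m.PrincipalSource
            }
        }
    }
    catch {
        # Get-LocalGroupMember can throw when the group holds an orphaned SID
        # (for example a deleted domain account). Fall back to the ADSI WinNT provider.
        $adsi = [ADSI]"WinNT://$env:COMPUTERNAME/$($group.Name),group"
        foreach ($m in $adsi.psbase.Invoke('Members')) {
            $type  = $m.GetType()
            $path  = $type.InvokeMember('ADsPath',   'GetProperty', $null, $m, $null)
            $bytes = $type.InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Group    = $group.Name
                Member   = $path -replace '^WinNT://', ''
                SID      = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
                Class    = $type.InvokeMember('Class', 'GetProperty', $null, $m, $null)
                Source   = 'ADSI fallback'
            }
        }
    }
}

# Emit plain CSV text so the result is readable in a remote console session.
$results | ConvertTo-Csv -NoTypeInformation
```

Orphaned SIDs show up in the fallback output as a bare SID in the `Member` column, which is itself worth reviewing during an audit.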
