GenericAll is a control primitive. The correct abuse is selected from the object type, current access, and operational objective.
| Target | Required right | Abuse path | Linux tooling | Windows tooling | Response focus |
|---|---|---|---|---|---|
| User | GenericAll | Reset password, add Shadow Credentials, or modify account attributes | bloodyAD, certipy shadow, pywhisker.py | PowerView Set-DomainUserPassword, Set-DomainObject, AD module | Remove malicious attributes, rotate credentials, review account use |
| Group | GenericAll | Add controlled member or change group attributes | bloodyAD add groupMember, net rpc | PowerView Add-DomainGroupMember, AD module | Remove added members and repair group ACLs |
| Computer | GenericAll | Add Shadow Credentials, modify delegation-related attributes, or reset computer password where appropriate | certipy shadow, bloodyAD, Impacket tooling | PowerView Set-DomainObject, AD module | Clear malicious attributes and review computer account authentication |
| OU | GenericAll | Modify child object control, linked GPO paths, or delegated permissions | bloodyAD, dacledit.py | PowerView Add-DomainObjectAcl, GPMC/AD module | Review inherited permissions and linked GPO changes |
| GPO | GenericAll | Modify policy content or delegation to execute code on linked targets | pyGPOAbuse.py, SMB tooling | PowerView, GPMC, native policy tooling | Restore GPO from known-good state and review SYSVOL changes |