# To-Do

This page contains a small list of stuff I still want to do and note down to keep track off. Which I might forget. So this isn't a complete list of stuff!

* Research the account operator group privileges more. There should be something to become DA! Generic all on all these groups:

![](/files/JRspm4lf4WZKZnZeMn29)

* Add a enumeration section to the attack path manual for enumerating the domain with PowerView and BloodHound. Either make one page on how to enumerate a domain for example or add it inbetween the already existing sections.
* Add GPO's to disable/enable the firewall and defender on specific machines? Crackmapexec doesn't work nicely with the firewall enabled. Test if this is only with local admin account or all local admins? Also with DA? Also check <https://github.com/Mr-Un1k0d3r/SCShell>
* Big overview of how the trusts works and who can authenticate to who to explain the forest overview


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ad-lab.gitbook.io/building-a-windows-ad-lab/lab-setup/to-do.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.