Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/the-useless-one/pywerview/llms.txt

Use this file to discover all available pages before exploring further.

get-domainpolicy retrieves and parses the GptTmpl.inf security template from one of two well-known GPOs baked into every Active Directory domain. With --source domain (the default), it pulls the Default Domain Policy ({31B2F340-016D-11D2-945F-00C04FB984F9}), which governs password complexity, minimum length, lockout thresholds, and Kerberos ticket lifetime settings enforced domain-wide. With --source dc, it targets the Default Domain Controllers Policy ({6AC1786C-016F-11D2-945F-00C04FB984F9}), which holds the domain controllers’ audit policy and privilege-right assignments. For DC policy output, adding --resolve-sids translates the raw SID strings in [Privilege Rights] into readable DOMAIN\account names, making it straightforward to spot overly permissive privilege grants such as SeDebugPrivilege or SeTcbPrivilege assigned to non-administrator accounts.

Flags

-t, --dc-ip
string
required
IP address of the domain controller to target.
-w, --workgroup
string
Name of the domain to authenticate with (e.g. contoso.com).
-u, --user
string
Username used to connect to the domain controller.
-p, --password
string
Password associated with the specified username.
--hashes
string
NTLM hashes for pass-the-hash authentication. Format: [LMHASH:]NTHASH.
-k
boolean
Use Kerberos authentication. Reads credentials from the ccache file pointed to by KRB5CCNAME. Requires pywerview[kerberos].
--tls
boolean
Force a TLS (LDAPS) connection to the domain controller.
-l, --logging-level
string
Logging verbosity sent to stderr. Choices: CRITICAL (default), WARNING, DEBUG, ULTRA.
--json
boolean
Print results as JSON instead of the default human-readable format.
--source
string
default:"domain"
Which built-in policy GPO to query. Accepted values:
  • domain — Default Domain Policy (password policy, Kerberos settings)
  • dc — Default Domain Controllers Policy (audit policy, privilege rights)
-d, --domain
string
Domain to query. Defaults to the domain inferred from the target DC or credentials.
--resolve-sids
boolean
Resolve SID strings in the [Privilege Rights] section to human-readable DOMAIN\account names. Only meaningful when --source dc is used; silently ignored for domain policy output.

Examples

# Retrieve the default domain policy (password & Kerberos settings)
pywerview get-domainpolicy -t dc.contoso.com -u alice -p 'P@ssw0rd' -w contoso.com

# Retrieve the domain controllers policy (includes audit settings)
pywerview get-domainpolicy -t dc.contoso.com -u alice -p 'P@ssw0rd' -w contoso.com --source dc

# Resolve SIDs in privilege-rights entries for readable output
pywerview get-domainpolicy -t dc.contoso.com -u alice -p 'P@ssw0rd' -w contoso.com \
  --source dc --resolve-sids

# Pass-the-hash to query DC policy
pywerview get-domainpolicy -t dc.contoso.com -u alice --hashes :a87f3a337d73085c45f9416be5787d86 \
  -w contoso.com --source dc --resolve-sids

# JSON output for structured ingestion
pywerview get-domainpolicy -t dc.contoso.com -u alice -p 'P@ssw0rd' -w contoso.com --json

Build docs developers (and LLMs) love

Get started for freeTalk to us