MachineAccountQuota is USEFUL Sometimes: Exploiting One of Active Directory’s Oddest Settings
MachineAccountQuota (MAQ) is a domain level attribute that by default permits unprivileged users to attach up to 10 computers to an Active Directory (AD) domain. My first run-in with MAQ was way back in my days as a network administrator on a new job. I was assigned the task of joining a remote location’s systems […]