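# Active Directory enumeration notes using PowerView.
# These lines are entered one at a time at an interactive prompt; they are not a script.
# (The original listing was collapsed onto a single line, which turned everything after
# the first '#' into a comment. One command per line is restored here.)
#
# Defender view: with PowerShell script block logging enabled, the dot-sourced script
# and each call below are recorded as Event ID 4104 in the
# Microsoft-Windows-PowerShell/Operational log. PowerView ships two naming schemes
# (the older Get-Net*/Invoke-ShareFinder names used here and the newer Get-Domain*/
# Find-DomainShare names), so detections keyed on function names should cover both.

# Start a child PowerShell process with the execution policy set to Bypass
# (-ep is the short form of -ExecutionPolicy).
# Execution policy is a safety setting, not a security boundary: any user can override
# it this way. Application control (AppLocker/WDAC, which places PowerShell in
# Constrained Language Mode) is the control that actually restricts unsigned scripts.
powershell -ep bypass

# Dot-source PowerView so its functions are defined in the current session.
. .\PowerView.ps1

# Basic domain information: the current domain object and its domain controllers.
Get-NetDomain
Get-NetDomainController

# Domain password and lockout settings (the "system access" section of the domain policy).
(Get-DomainPolicy)."system access"

# Enumerate file shares on domain computers.
# This contacts many hosts over SMB in a short time; a single workstation opening
# sessions to a large number of hosts is a strong detection signal, and share access
# is logged as Event ID 5140 where file share auditing is enabled.
Invoke-ShareFinder

# List the Group Policy Objects defined in the domain.
Get-NetGPO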