In the Access rights and delegations section, the agent manages access rights to LDAP objects and certain specific files, but not to the shares created.
The agent checks access rights to LDAP objects, but also access rights to the special SYSVOL file share, which is used to store GPOs and files that can be deployed via GPO.However, the system does not carry out checks on file shares created elsewhere, even if these are in the domain under study.
This is because an audit of rights on other file shares requires knowledge of the ‘expected’ rights for each share/subfolder, and is therefore outside the scope of a fully automated evaluation.