Commit 8fe80e1

author
Your Name
committed
Updated to reflect that 'it depends'
1 parent f6347e9 commit 8fe80e1

1 file changed

Lines changed: 2 additions & 2 deletions

TierZeroTable.csv

@@ -37,9 +37,9 @@ WHERE n.objectid ENDS WITH 'S-1-5-32-569'
3737
RETURN n";YES;NO;1;https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#cryptographic-operators
3838
DHCP Administrators;AD group;Active Directory;CN: DHCP Administrators;"Members of the DHCP Administrators group have administrative access to DHCP servers. This group is created when the DHCP Server role is installed on a Windows Server. Members can view and modify all aspects of DHCP server configuration.
3939

40-
The security impact of this group depends on where the DHCP service is running. According to Akamai research, 57% of organizations have a DHCP server installed on a domain controller.";NO;YES - Takeover;YES;"DHCP Administrators can escalate privileges to Tier Zero when DHCP runs on domain controllers or Tier Zero systems. Akamai research demonstrates privilege escalation via DHCP option abuse, enabling Kerberos coercion attacks followed by AD CS relay attacks. This can lead to compromise of the DHCP machine account and potentially the domain controller.
40+
The security impact of this group depends on where the DHCP service is running. According to Akamai research, 57% of organizations have a DHCP server installed on a domain controller.";NO;YES - Takeover;IT DEPENDS;"DHCP Administrators can escalate privileges to Tier Zero when DHCP runs on domain controllers or Tier Zero systems. Akamai research demonstrates privilege escalation via DHCP option abuse, enabling Kerberos coercion attacks followed by AD CS relay attacks. This can lead to compromise of the DHCP machine account and potentially the domain controller.
4141

42-
Classification note: When DHCP runs only on network appliances without access to domain infrastructure, the group may be limited to Tier 1. However, with 57% of environments running DHCP on domain controllers, this represents a significant Tier Zero risk in most deployments and is classified as Tier Zero accordingly.";"MATCH (n:Group)
42+
When DHCP runs only on network appliances without access to domain infrastructure, the group is limited to Tier 1. However, with 57% of environments running DHCP on domain controllers, this represents a Tier Zero risk in common deployments.";"MATCH (n:Group)
4343
WHERE n.name STARTS WITH 'DHCP ADMINISTRATORS@'
4444
RETURN n";NO;NO;Community contribution;"https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains"
4545
Distributed COM Users;DC group;Active Directory;SID: S-1-5-32-562;"Members of the Distributed COM Users group can launch, activate, and use Distributed COM objects on the computer. Microsoft Component Object Model (COM) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. Distributed Component Object Model (DCOM) allows applications to be distributed across locations that make the most sense to you and to the application. This group appears as an SID until the domain controller is made the primary domain controller and it holds the operations master (also called the flexible single master operations or FSMO) role.
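
Review bot: The IT DEPENDS value introduced on line 40 has no decision rule attached that a reader can apply: the query at lines 42-44 still matches every group whose name starts with 'DHCP ADMINISTRATORS@', whether or not the DHCP service runs on a domain controller, and the reworded text on line 42 only describes the two ends (Tier 1 on network appliances, Tier Zero risk on domain controllers). Suggest adding one sentence to the reasoning cell saying what to check to resolve it, namely whether any DHCP server the group administers is a domain controller or another Tier Zero system. The neighbouring cells visible here use NO, YES and 'YES - Takeover', so if IT DEPENDS is not already an accepted value for this column, it should be documented wherever the column values are defined. Line 42 also hardens 'may be limited to Tier 1' into 'is limited to Tier 1'; keeping 'may be' would fit the conditional classification better.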
