Security Focus: Check Active Directory for Anonymous Access

In Active Directory there's a little-loved, all-but-forgotten, built-in group that needs attention: Pre-Windows 2000 Compatible Access. This group is a 'backward compatibility group which allows read access on all users and groups in the domain'. Now, when you enable pre-Windows 2000 compatibility, the special identity ANONYMOUS LOGON is added as a member of the…

Security Focus: Analysing 'Account is sensitive and cannot be delegated' for Privileged Accounts

There are a number of configuration options we recommend for securing highly privileged accounts. One of them, enabling 'Account is sensitive and cannot be delegated', ensures that an account's credentials cannot be forwarded to other computers or services on the network by a trusted application. The feature that allows an application to act on behalf of a user…

Prepopulate Passwords to RODCs with PowerShell

Hello! The sun is shining, spring has sprung and it’s nearly the weekend… life is sweet! Today, I’m going to talk about using the AD Replication cmdlets, introduced with Windows Server 2012, to prepopulate passwords to your RODCs. No more repadmin, no more DSA.msc… just pure, unadulterated PowerShell. Today gets better and better! Let’s begin… I…
