March 27, 2019 | Russell Smith

How to lock, unlock, enable and disable AD accounts with PowerShell

The Active Directory GUI management tools, like Active Directory Users and Computers (ADUC), are fine for performing operations against single accounts. But when you need to deal with multiple AD accounts, PowerShell is a more flexible tool. In this post, I’ll show you how to use PowerShell to...
August 23, 2019 | Russell Smith

Security Tip: Detect Permission Changes in Active Directory

In this tip, I will show you how to enable auditing for changes to permissions on Active Directory objects. The following changes will log Event ID 5136 whenever someone successfully delegates or changes permissions on an object in Active Directory. The first step is to enable auditing of...
February 22, 2019 | Matt Hopton

Detecting Delegated Permissions in Active Directory

Security permissions in Active Directory can be a tricky topic. Not only does Microsoft hide them from you by default in Users and Computers, there is also no built-in tool to get an overall picture of how permissions have been applied to AD. In this article, I’ll take you through the basics...
March 27, 2019 | Troy Thompson

Group Policy for Password Monitoring

As an administrator, you have to ensure that your network is secure. A big part of that includes deciding on a password strategy for user accounts and administrator accounts. You can educate your users on best practices for password creation but you can also enable policies that force users to...
March 27, 2019 | Jeff Melnick

How to Detect Who Disabled a User Account in Active Directory

Users whose accounts have been disabled, either accidentally or maliciously, are unable to log into IT systems using Windows authentication. Those who are already logged in might experience problems accessing email, files, SharePoint, etc. By native auditing you should go through 6 steps listed...
March 27, 2019 | Jeff Melnick

How Should IT Handle User Termination

Employment termination, as well as taking aboard the new hires, is an ongoing process for every organization. People get fired, quit/resign, replacements are found – it’s a never-ending story. IT departments, among others, have to handle account deletions and other actions related to employee...
February 25, 2019 | Russell Smith

Manage Local Administrator Account Passwords using LAPS

Active Directory is a centralized directory service that manages domain computer and user accounts, and device configuration using Group Policy. But with the exception of domain controllers (DCs), devices joined to a domain retain local user accounts. In a domain environment, local administrator...
February 25, 2019 | Adam Bertram

Local Administrator Group Changes: Get Notified with PowerShell

Picture this. You work at a company that prides itself on its security practices. They’ve got firewalls, IDS/IPS systems, routinely perform security audits, keep patches up to date and have a really expensive SIEM product that generates alerts the moment something fishy goes on. A very...
March 27, 2019 | Russell Smith

How to Disable Inactive User Accounts Using PowerShell

Inactive Active Directory (AD) user accounts can pose a security risk to organizations, in situations such as when former employees still have active accounts months after leaving the company because HR failed to inform IT, or accounts might be created for a particular purpose but never deleted...
February 25, 2019 | Russell Smith

Add Sensitive User Accounts to the Active Directory Protected Users Group

Microsoft introduced the Protected Users group in Windows Server 2012 R2 and Windows 8.1, and it’s designed to harden accounts that are group members, in particular to protect against pass-the-hash attacks by disabling the use of NT LAN Manager (NTLM), a legacy authentication protocol that’s...