April 21, 2023 | Joe Dibley

Securing Account Credentials to Protect Your Organization

Compromising the credentials of Active Directory accounts remains a primary way for adversaries to gain a foothold in an organization’s IT ecosystem. They use a range of tactics, including credential stuffing, password spraying, phishing and brute-force attacks. This blog post details key best...
July 30, 2018 | Russell Smith

How to lock, unlock, enable and disable AD accounts with PowerShell

The Active Directory GUI management tools, like Active Directory Users and Computers (ADUC), are fine for performing operations against single accounts. But when you need to deal with multiple AD accounts, PowerShell is a more flexible tool. In this post, I’ll show you how to use PowerShell to...
December 15, 2016 | Russell Smith

Security Tip: Detect Permission Changes in Active Directory

In this tip, I will show you how to enable auditing for changes to permissions on Active Directory objects. The following changes will log Event ID 5136 whenever someone successfully delegates or changes permissions on an object in Active Directory. Handpicked related content: [Free...
October 27, 2016 | Matt Hopton

Detecting Delegated Permissions in Active Directory

Security permissions in Active Directory can be a tricky topic. Not only does Microsoft hide them from you by default in Users and Computers, there is also no built-in tool to get an overall picture of how permissions have been applied to AD. In this article, I’ll take you through the basics...
April 8, 2016 | Troy Thompson

Group Policy for Password Monitoring

As an administrator, you have to ensure that your network is secure. A big part of that includes deciding on a password strategy for user accounts and administrator accounts. You can educate your users on best practices for password creation but you can also enable policies that force users to...
October 21, 2015 | Jeff Melnick

How Should IT Handle User Termination

Employment termination, as well as taking aboard the new hires, is an ongoing process for every organization. People get fired, quit/resign, replacements are found – it’s a never-ending story. IT departments, among others, have to handle account deletions and other actions related to employee...
June 3, 2015 | Russell Smith

Manage Local Administrator Account Passwords using LAPS

Active Directory is a centralized directory service that manages domain computer and user accounts, and device configuration using Group Policy. But with the exception of domain controllers (DCs), devices joined to a domain retain local user accounts. In a domain environment, local administrator...
April 15, 2015 | Adam Bertram

Local Administrator Group Changes: Get Notified with PowerShell

Picture this. You work at a company that prides itself on its security practices. They’ve got firewalls, IDS/IPS systems, routinely perform security audits, keep patches up to date and have a really expensive SIEM product that generates alerts the moment something fishy goes on. A very...
March 17, 2015 | Russell Smith

How to Disable Inactive User Accounts Using PowerShell

Inactive Active Directory (AD) user accounts can pose a security risk to organizations, in situations such as when former employees still have active accounts months after leaving the company because HR failed to inform IT, or accounts might be created for a particular purpose but never deleted...
February 20, 2015 | Russell Smith

Add Sensitive User Accounts to the Active Directory Protected Users Group

Microsoft introduced the Protected Users group in Windows Server 2012 R2 and Windows 8.1, and it’s designed to harden accounts that are group members, in particular to protect against pass-the-hash attacks by disabling the use of NT LAN Manager (NTLM), a legacy authentication protocol that’s...