ADDS Security: Difference between revisions
(Created page with "=Things to audit= ==in AD== * Sensitive, well known security Groups (Domain Admins, Enterprise Admins, Administrators) and its members * Issued Certificates for users in sensi...")
No edit summary
Line 22: | Line 22: | ||
* | * | ||
==In Group Policy | ==In Group Policy== | ||
* Creation of Security Groups or Users on clients | * Creation of Security Groups or Users on clients | ||
* Definition of logon/startup scripts | * Definition of logon/startup scripts | ||
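Review bot: the bare `*` context line just above `==In Group Policy==` is an empty bullet, so it renders as a blank list item in the preceding section; remove it or fill in the item it was meant to hold while the heading markup is being fixed.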
Line 28: | Line 28: | ||
==On DC= | ==On DC== | ||
* [https://mendel129.wordpress.com/tag/password-filter-a-dll/ Password Filter] | * [https://mendel129.wordpress.com/tag/password-filter-a-dll/ Password Filter] | ||
* DSRM Password | * DSRM Password | ||
* All [https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx?f=255&MSPPError=-2147217396 autorun values] | * All [https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx?f=255&MSPPError=-2147217396 autorun values] |
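Review bot: the autorun values link on the last line of this hunk still carries the query string `?f=255&MSPPError=-2147217396`, which is not needed to identify the page; trim the URL so it ends at `bb963902.aspx`. The `DSRM Password` item next to it is also the only entry under `==On DC==` with no link, so a pointer to what should be checked would help.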
Revision as of 12:43, 24 January 2017
Things to audit
In AD
- Sensitive, well-known security groups (Domain Admins, Enterprise Admins, Administrators) and their members
- Issued certificates for users in sensitive, well-known security groups
- Issued Certificates with Authentication Mechanism Assurance
- ACL on root
- ACL on OUs/Users/Groups
- ACL on AdminSDHolder
- ACL on GPOs
- ACL with replication permission
- Passwords of users
- Kerberos keys, golden tickets
- Unexpected User Account Control values
- SIDHistory values
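
For the "Unexpected User Account Control values" item, one way to run the check over an export of `sAMAccountName` and `userAccountControl` pairs. This is an added example, not part of the original page; the `RISKY` policy set, the `known_dcs` inventory and the sample accounts are assumptions constructed for illustration.

```python
# Added example. Bit values come from Microsoft's userAccountControl documentation.
UAC_FLAGS = {
    0x0000002: "ACCOUNTDISABLE",
    0x0000020: "PASSWD_NOTREQD",
    0x0000080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x0000200: "NORMAL_ACCOUNT",
    0x0001000: "WORKSTATION_TRUST_ACCOUNT",
    0x0002000: "SERVER_TRUST_ACCOUNT",
    0x0010000: "DONT_EXPIRE_PASSWORD",
    0x0080000: "TRUSTED_FOR_DELEGATION",
    0x0200000: "USE_DES_KEY_ONLY",
    0x0400000: "DONT_REQ_PREAUTH",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",
}
# Assumed review policy: flags that weaken authentication or grant delegation.
RISKY = {"PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED", "TRUSTED_FOR_DELEGATION",
         "USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH", "TRUSTED_TO_AUTH_FOR_DELEGATION"}
# Flags expected on a domain controller's own computer account.
DC_EXPECTED = {"SERVER_TRUST_ACCOUNT", "TRUSTED_FOR_DELEGATION"}


def decode_uac(value):
    """Split a userAccountControl integer into known flag names and leftover bits."""
    names = {name for bit, name in UAC_FLAGS.items() if value & bit}
    return names, value & ~sum(UAC_FLAGS)


def audit(accounts, known_dcs):
    """Return {account: sorted findings} for accounts whose flags need review."""
    report = {}
    for name, uac in accounts:
        flags, unknown = decode_uac(uac)
        if name in known_dcs:
            findings = (flags & RISKY) - DC_EXPECTED
        else:
            # Outside the DC inventory, the DC account type itself is a finding.
            findings = (flags & RISKY) | (flags & {"SERVER_TRUST_ACCOUNT"})
        findings = sorted(findings)
        if unknown:
            findings.append("UNDECODED_BITS_0x%X" % unknown)
        if findings:
            report[name] = findings
    return report


# Constructed sample export of (sAMAccountName, userAccountControl) pairs.
SAMPLE = [("alice", 512), ("kiosk", 544), ("svc-legacy", 4194816),
          ("DC01$", 532480), ("WEB01$", 528384), ("LAB07$", 8192)]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, known_dcs={"DC01$"}).items():
        print(account, findings)
```

Comparing each run's report against the previous one shows which accounts gained a flag since the last audit.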
In Config Partition
In DNS
- Secure Updates
In Group Policy
- Creation of Security Groups or Users on clients
- Definition of logon/startup scripts
- Modification of logon/startup scripts in sysvol
On DC
- Password Filter
- DSRM Password
- All autorun values