ADDS Security

From WikiWiki
Revision as of 11:43, 24 January 2017 by Mendel (talk | contribs) (Created page with "=Things to audit= ==in AD== * Sensitive, well known security Groups (Domain Admins, Enterprise Admins, Administrators) and its members * Issued Certificates for users in sensi...")
(change visibility) (diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Things to audit

in AD

  • Sensitive, well known security Groups (Domain Admins, Enterprise Admins, Administrators) and its members
  • Issued Certificates for users in sensitive, well known security groups
  • Issued Certificates with Authentication Mechanism Assurance
  • ACL on root
  • ACL on OU's/Users/Groups
  • ACL on AdminSDHolder
  • ACL on GPO's
  • ACL with replication permission
  • Passwords of users
  • Kerberos keys, golden tickets
  • Unexpected User User Account Control values
  • SIDHistory values


In Config Partition

In DNS

  • Secure Updates

==In Group Policy

  • Creation of Security Groups or Users on clients
  • Definition of logon/startup scripts
  • Modification of logon/startup scripts in sysvol


=On DC