ADDS Security

From WikiWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Things to audit

in AD

  • Sensitive, well known security Groups (Domain Admins, Enterprise Admins, Administrators) and its members
  • Issued Certificates for users in sensitive, well known security groups
  • Issued Certificates with Authentication Mechanism Assurance
  • ACL on root
  • ACL on OU's/Users/Groups
  • ACL on AdminSDHolder
  • ACL on GPO's
  • ACL with replication permission
  • Passwords of users
  • Kerberos keys, golden/silver tickets/krbtgt hash
  • Kerberoast
  • Unexpected User User Account Control values
    • Store password using reversible encryption on accounts
  • SIDHistory values

In Config Partition

In DNS

  • Secure Updates

In Group Policy

  • Creation of Security Groups or Users on clients
  • Definition of logon/startup scripts
  • Modification of logon/startup scripts in sysvol
  • Unexpected User Rights Assignments

On DC

Sources