Protect Administrative Accounts with Authentication Policies and Silos

Introduction One of the recommendations to protect privileged accounts from credential theft is to prevent administrative accounts from exposing credentials to unsecure computers, on this post I will show you how to protect administrative accounts using Authentication Policies and Silos. Definition A quick definition from Microsoft web site.Authentication policy silos and the accompanying policies provide … Continue reading Protect Administrative Accounts with Authentication Policies and Silos →

Audit Access to C$

Hi Guys, a customer asked me for a visibility about who is accessing C$ on his environment, users were claiming about admins that are using domain admins privileges to access c$ on client computers. What this customer asked for is a daily report about who is accessing c$. Using Event forwarding and PowerShell we were … Continue reading Audit Access to C$ →

Step by Step: Enforce Require LDAP Signing on domain controllers. Part 2

Introduction On Part 2 of this post, I will show how to request a certificate for a domain controller to use LDAPS, we will see also why we should never use simple bind on clear text. This post is intended to give you an action plan on how you can Enforce Require LDAP Signing on … Continue reading Step by Step: Enforce Require LDAP Signing on domain controllers. Part 2 →

Step by Step: Enforce Require LDAP Signing on domain controllers. Part 1

Introduction: One of the security settings that Microsoft recommend applying on domain controllers is to Require LDAP Signing. Requiring LDAP signing is one policy setting that can be applied on a few seconds using group policy, but what is the impact of applying this setting in your production environment? In most customer environments I visited, … Continue reading Step by Step: Enforce Require LDAP Signing on domain controllers. Part 1 →

Step by Step: Safely disabling SMB v1 from your production environment.

Introduction: In this blog I will not cover why we have to remove SMB v1 from production network, this have been already covered, probably one of the best articles covering this is https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ I will cover how you can audit the usage of SMB v1 in your network, so you can disable it safely without … Continue reading Step by Step: Safely disabling SMB v1 from your production environment. →