Archive for the ‘Active Directory’ Category

For organizations that use Windows Server, nearly all authentication and access control related tasks are tied to the Active Directory. Additionally, application configuration information is also sometimes stored in the Active Directory. Given everything that the Active Directory does, it would not be a stretch to think of the Active Directory as being the glue that ties all of an organization’s IT resources together. Because the Active Directory is such … Read more

In view of the rapidly increasing security risks IT enterprises are facing, securing the Active Directory from privilege misuse and abuse has become a global concern. Domain administrator rights are often granted to Active Directory users with to allow them to accomplish various tasks inside or outside of the network. However, giving large numbers of users privileged access can be problematic – occasionally leading to privilege abuse in the form … Read more

Domain, Schema and Enterprise administrators hold the keys to your Active Directory (AD) kingdom, but it’s not uncommon to find organizations routinely issuing new IT hires with domain administrator privileges to expedite access for support purposes, or at best a proliferation of privileged accounts lying dormant and unaudited, giving attackers a potential way in to your systems. If it’s a revelation that domain administrator privileges aren’t required to add, delete, … Read more

In 2016, a lot of emphasis was put on organizations protecting themselves against external security threats – especially in the light of high profile security breaches, including the FBI and World Anti-Doping Agency. However, most enterprise security executives in 2016 experienced a higher amount of attempted theft or corruption of data from internal sources rather than external ones. With this in mind, don’t repeat the same mistakes in 2017 that … Read more

Account lockouts are a common problem experienced by Active Directory users. They arise because of Account Lockout Policies configured in the default domain policy for the Active Directory domain. In this article, we will go through some of the root causes of the account lockouts and the way to simplify the troubleshooting process. Common causes of account lockouts Mapped drives using old credentials: Mapped drives can be configured to use … Read more

The Active Directory is arguably the most important part of any organization’s IT infrastructure. It’s important to be vigilant when it comes to monitoring and alerting on any changes made to this system so that you can spot any changes that may have been made in error or are damaging. Occasionally, objects can be deleted by mistake or administrators may delete objects that have been created for test purposes. Whatever … Read more

  Active Directory is the backbone of an enterprise IT infrastructure. Organizations are ready to invest heavily on its security but administrators can ensure the security of Active Directory simply by following some best practices. Here are some tips that can help you: 1. Follow a lean model for AD administration Too many cooks spoil the broth. This is especially true in the case of AD administration so you should … Read more

Inactive accounts in the Active Directory should strike fear in the hearts of IT admins. They may appear harmless as they lay dormant, unused and inactive, but they are an open invitation for anyone looking to compromise an organization’s security. Why do inactive accounts matter—aren’t they harmless? Inactive accounts may appear docile but they can cause fatal damages to an organization, especially when they are not disabled or when they … Read more

Passwords have for a very long time been used to prove identity and authenticate user access to resources. As time has gone by, to increase security we have made password requirements more complex and frequently changing passwords a necessity. However, in the pursuit of better security we have ignored the very fact that made password-based security preferable over other approaches – its simplicity. Asking for increasingly complex passwords and then … Read more

Even though there are a lot of books and papers that discuss Active Directory security, incidents of AD security breach just don’t seem to stop. What can be the reason for this? Are IT admins just not being able to grasp the tinges of AD security? Or Are they unable to adapt to the new, advanced threats that are being invented every day? Both of these could be the reasons. … Read more

Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.