Archive for the ‘Auditing’ Category

In this blog, we will be going through how the AdminSDHolder object in Active Directory can be used in Active Directory attacks. We will also go through what you can do to help defend against AdminSDHolder attacks and how LepideAuditor can help make this process easier. What is an AdminSDHolder? Essentially, the AdminSDHolder is an object in Active Directory that acts as a security descriptor template for protected accounts and … Read more

Disclaimer – the perfect overall security strategy will include endpoint security. I am by no means saying that endpoint security is worthless. However, in this article I will attempt to justify why I think it is far more beneficial to look at your security strategy from a data-centric standpoint. I believe that many organizations are still adopting old methods of data protection, believing that firewalls, anti-virus and network access controls … Read more

First things first, what is Group Policy? Group Policy is a feature of Windows that facilitates a wide variety of advanced settings that network administrators can use to control the working environment of users and computer accounts in Active Directory. It essentially provides a centralized place for administrators to manage and configure operating systems, applications and users’ settings. Group Policies, when used correctly, can enable you to increase the security … Read more

Active Directory plays such an important part in the makeup of most organizations’ IT infrastructure that it automatically becomes the first target for attackers. If an attacker gets into one of your user accounts, and you don’t know that it’s happened, it’s only a matter of time before you are the victim of a disastrous data breach (especially if this user account has special privileges). Understanding LDAP plays an important … Read more

Recently we published a blog about five key PowerShell commands that you need to help you better manage Active Directory. As this blog was so well received, we decided to do a follow-up. If you want to read the original blog, then click here. Before We Begin Before you get started, you’re going to have to import Module Active Directory. Without importing the corresponding module into the PowerShell session, … Read more

PowerShell was developed so that IT operations and administrative tasks in operating systems like Active Directory could be drastically simplified and automated to save huge amounts of time and effort. PowerShell is able to integrate with services and applications to help administrators get complete control over the management of both clients and servers. With every new update of the underlying framework, PowerShell becomes more advanced and more features become available. … Read more

Auditing any of your critical IT infrastructure is a process that involves collecting information into readable reports, analyzing those reports and taking the required action to ensure the security and integrity of that system. Group Policy is no different. For effective Group Policy Auditing, you need to be able to report on changes in such a way that enables you to take the right steps to ensure restrictions and controls … Read more

Both share and NTFS permissions serve the same purpose within Windows environments; namely, to help you prevent unauthorized access to your critical folders. However, there are some critical differences between the two that will determine which one you use. In this blog we will learn about what share permissions and NTFS permissions are, what the differences between the two are and the best practices for using them. What Are Share … Read more

It will come as no surprise that Windows out of the box isn’t secure. Many of the vulnerabilities that exist within Windows can be addressed through Group Policy Objects (GPOs). Group Policy allows administrators to control the working environment of both user and computer accounts. If used correctly, GPOs can, for example, allow you to work towards a policy of least privilege where users have permissions based on their job … Read more

Active Directory is a critical part of any organization’s IT infrastructure. Unwanted changes in Active Directory could result in potentially disastrous consequences for the security of data. Changes to user accounts, passwords, group memberships and more could lead to excessive permissions and increased risk of privilege abuse. For those reasons, and more, it is essential that you continuously and proactively audit Active Directory changes. If you’re unsure where to start, … Read more