Script: Replace users with local admin rights with groups

Users are often added to the local "Administrators" group on servers or PCs to give users admin rights on the corresponding computers. Although this is the easiest way to configure admin rights for a user account, it is unfortunately easy to lose track. Here is an example of the members of the local administrator group of a server: The users ...

Simple measures for more safety in AD (Part 3): LAPS

This third part of the article series "Simple measures for more security in AD" deals with the passwords of local administrator accounts. In many environments, the local administrator passwords are always the same, but this sometimes opens the door to malware and makes lateral movement possible or at least simplifies it. Different passwords for the ...

Simple measures for more security in AD (Part 3): Admin Tiers

I have already described the basic functionality of Admin Tiers in Part 1 of this article series; this article will now focus on setting up Admin Tiers in an existing environment. Basically, it makes sense if at least one Admin Host has already been installed. By and large, this article is first of all about ...

Simple measures for more security in AD (Part 2): Admin Host

Part 1 of this article series has already presented measures to improve the security of the Active Directory. The next articles are now dedicated to the implementation of these measures within an existing Active Directory using an example environment. This article will first deal with the Admin Host. Introduction: The fictitious company "FrankysWebLab" can be used as an example here.

Active Directory: Simple measures for more security (Part 1)

To increase security within the Active Directory, small organizational measures in conjunction with free tools are usually sufficient. Many widespread attack vectors can at least be significantly curbed with a few small changes and fairly simple measures. The word "attacker" often appears in the following article, but "attacker" does not necessarily mean a ...

Tip: ADACLScanner helps to audit the Active Directory

Especially in larger and above all older Active Directory environments, a large number of authorizations and delegations accumulate over time. These often include authorizations with orphaned SIDs, for example if the user has already been deleted but the ACL still exists. Many people are familiar with these orphaned SIDs from file servers and their authorization structure. In order to ...

Active Directory and Exchange Server vulnerable via EWS API

There is currently a security vulnerability in all Exchange Server versions, which makes it possible to obtain domain administrator authorizations via EWS or, for example, to redirect emails. What makes this vulnerability particularly critical is that it can be exploited remotely. The attacker only needs to have access to a mailbox on the Exchange Server. Since the EWS API and often also ...

Migration Domain Controller to Server 2016

I have now received several emails regarding the migration of domain controllers that are still running an older operating system. Most of the emails are about retaining the IP address of the original domain controller. The environments described in the e-mails were all similar, only the operating system on which the original domain controller was running ...