Technology: Microsoft Active Directory
Tenant: DynamicPacks.net
Assessment Date: 02/22/2025 18:41:46
This Introduction contains a global summary of the health and security scans performed on the company infrastructure with SmartProfiler for Active Directory Assessment. Detailed information about the scans can be found in the Health & Security Maturity Framework and Technical Findings sections of this report. The assessment was performed according to ANSSI and MITRE ATT&CK definition. ANSSI is French National Agency for the Security of Information Systems. For more information, please check out here: https://www.cert.ssi.gouv.fr/uploads/guide-ad.html. There are tests that also recommended by Microsoft have been performed too.
SmartProfiler’s Active Directory tests are divided into three main categories: AD Security, AD Configuration , and AD Health Check. You can click on each category in the left section or select the Score Category to view the associated tests and their status. Please note there are no sub-categories for AD Health Issues.
8
CRITICAL
135
HIGH
10
MEDIUM
7
LOW
124
PASSED
0
MANUAL CHECK
Shows overall Security score for AD Forest based on the tests executed by SmartProfiler. Overall Score includes Security-Config and Health AD Tests.
OVERALL SCORE
Shows overall score settings that need to be configured correctly in AD Domains. These settings are recommended by Microsoft.
SECURITY SCORE
Shows overall score settings that need to be configured correctly in AD Domains. These settings are recommended by Microsoft.
CONFIGURATION SCORE
Shows health score for AD and Domain Controllers. Health issues can be found in AD Health Status category in left pane.
HEALTH SCORE
Shows overall Security Score for AD Risky Items. Risky Items need to be addressed ASAP. Risky Items can be found in Risky Items Category.
RISKY ITEMS SCORE
Shows overall Score for Domain Controllers found in all AD Domains in AD Forest.
DOMAIN CONTROLLERS SCORE
Tests recommended by ANSSI and MITRE for Active Directory can be found on ANSSI and MITRE Sites.
ANSSI/MITRE SCORE
Tests recommended by Microsoft. Please check test link in AD Status for more information.
MS RECOMMENDED SCORE
Shows overall score for CIS Hardening settings on Domain Controllers. Please check Domain Controllers CIS Hardening for more information.
DC HARDENING SCORE
Shows overall score for Privileged Accounts. Please navigate to Privileged Accounts category to see tests associated with Privileged Accounts.
PRIVILEGED ACCOUNTS SCORE
Shows overall score for Users in all AD Domains. Please navigate to AD Security Risks-Users category to see tests associated with users.
USER RISKS SCORE
Shows overall score for Computers in all AD Domains. Please navigate to AD Security Risks-Computers category to see tests associated.
COMPUTER RISKS SCORE
Shows overall score for Admins and if any of them is configured with SPNs and if sending Bad Logon attempts can be found in AD Security Risks-Admins.
ADMINS RISKS SCORE
Show overall score for tests executed in Sensitive Changes and make sure Sensitive Objects in AD are not modified.
SENSITIVE CHANGES SCORE
Shows overall score for critical and default accounts such as default Administrator and Guest accounts.
CRTTICAL ACCOUNTS SCORE
Shows overall score for Objects owned by users other than admins for critical objects in all Active Directory domains.
OBJ OWNERSHIP SCORE
Shows overall score for Domain Policies and if the Password and Account Policies are configured correctly in all AD Domains in AD Forest.
DOMAIN POLICIES SCORE
Shows overall score for AD Permissions applied at different levels in all AD Domains. Permissions tests can be found in AD Permissions Category.
AD PERMISSIONS SCORE
Shows overall Security score for AD Features. Some AD Features such as Protected Users Group and Recycle bin need to be used in all AD Domains.
AD FEATURES SCORE
Shows overall score for all AD Sites and if the AD Sites are configured correctly and as per Microsoft and other security organizations.
AD SITES SCORE
Shows overall score for Forest PDC Emulator and domain controllers in all AD Domains to ensure Domain Controllers are using correct time sync.
TIME SYNC SCORE
Shows AD Objects overall Score and if the AD Objects are in use and configured correctly such as unprotected OUs.
AD OBJECTS SCORE
Shows overall score for AD GPO to ensure required GPO settings are configured in the AD Domains and all AD GPOs are applying correctly.
AD GPO SCORE
Shows overall Score for DNS ensuring no static DNS Records and other tests which are recommended to check in an Active Directory environment.
AD DNS SCORE
AZURE ENTRA ID SSO
OVERALL SCORE
| Item | Value |
| Number of AD Sites | 1 |
| Number of Application Partitions | 2 |
| Number of Global Catalogs | 1 |
| Forest UPN Suffixes | |
| Forest Schema Master | dc114.Dynamicpacks.net |
| Forest Domain Naming Master | dc114.Dynamicpacks.net |
| Forest Root Domain | Dynamicpacks.net |
| Forest Domains | Dynamicpacks.net |
| Forest Functional Level | Windows2016Forest |
| AD Forest Name | DynamicPacks.net |
| Domain | HostName | IPv4Address | IPv6Address | IsGlobalCatalog | IsReadOnly | OperatingSystem | OperatingSystemServicePack | Site | SslPort |
| Dynamicpacks.net | dc114.Dynamicpacks.net | 172.16.31.114 | True | False | Windows Server 2019 Standard Evaluation | Default-First-Site-Name | 636 |
| Domain | Forest | Functional Level | Infrastructure Master | NetBIOS Name | PDC Emulator | RID Master |
| Dynamicpacks.net | Dynamicpacks.net | Windows2016Domain | dc114.Dynamicpacks.net | DYNAMICPACKS0 | dc114.Dynamicpacks.net | dc114.Dynamicpacks.net |
| AD Site | Bridgehead Servers | Current ISTG | In Site Links | Location | Servers | Site Option | Subnets |
| Default-First-Site-Name | 0 | dc114.Dynamicpacks.net | 1 | 1 | 0 |
| AD Site Link | AD Sites | Total AD Sites |
| DEFAULTIPSITELINK | CN=Default-First-Site-Name-CN=Sites-CN=Configuration-DC=Dynamicpacks-DC=net | 1 |
| AD Domain | Minimum Password Length |
| Dynamicpacks.net | 7 |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| AdminSDHolder was Modified in last 30 days TEST IDvuln1_permissions_adminsdholder
|
|
"AdminSDHolder Object was modified in total domains:1" | 1 | IOC |
| Misconfigured Administrative Accounts Found TEST IDMS-RECOMMENDED
|
|
"Total Admins Misconfigured:2" | 2 | IOE IOC |
| Weak Password Policies Affected Admins TEST IDvuln2_privileged_members_password
|
|
"Total Privileged Account using Weak Password Policy:2" | 23 | IOE IOC |
| TLS 1.1 Enabled DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers with TLS 1.1 Protocol Enabled:1" | 1 | IOE |
| NTLM Authentication Enabled DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers with NTLM Enabled:1" | 1 | IOE |
| Missing DNS Scavenging DCs TEST IDMS-RECOMMENDED
|
|
"Total DNS Servers Not Enabled with Server Level Scavenging:1" | 1 | IOE |
| Print Spooler Service Running DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers with Print Spooler Service running:1" | 1 | IOE |
| Accounts with Extended Rights to Read LAPS Passwords Found TEST IDMS-RECOMMENDED
|
|
"Illegal Accounts Found to read LAPS in AD Domains:LAPS/Module Not Installed" | LAPS/Module Not Installed | IOE IOC |
| Protected Users Group Status TEST IDvuln3_protected_users
|
|
"Total Domains Not Using Protected Users Group:1" | 1 | |
| Missing Microsoft LAPS in AD Forest TEST IDMS-RECOMMENDED
|
|
"Microsoft LAPS Status:Not Deployed" | Not Deployed | |
| Objects Modified in Last 10 Days TEST IDMS-RECOMMENDED
|
|
"Total Objects Modified in AD Domains in last 10 days:241" | 241 | IOE IOC |
| Objects Created in Last 10 Days TEST IDMS-RECOMMENDED
|
|
"Total Objects Created in AD Domains in last 10 days:241" | 241 | IOE IOC |
| Anyone can Join Computers to Domain TEST IDMS-RECOMMENDED
|
|
"Total Domains Allowing Normal Users to Join Computers to domain:1" | 1 | IOE |
| Denied RODC Password Replication Group missing Privileged Accounts TEST IDvuln3_rodc_denied_group
|
|
"Total Missing Privileged Groups in Denied RODC Password Replication Group:8" | 8 | IOE |
| Schema Admin Group members TEST IDMS-RECOMMENDED
|
|
"Schema Admins Group contains members:1" | 1 | IOE |
| Missing Domain Zones Scavenging TEST IDMS-RECOMMENDED
|
|
"Total Domain Zones Not Enabled with Scavenging:1" | 1 | IOC |
| User Accounts Pass Never Expires TEST IDvuln2_dont_expire
|
|
"Total Users with Password Never Expires in all Domains:1" | 1 | IOC |
| Sensitive GPOs Modified TEST IDMS-RECOMMENDED
|
|
"Sensitive GPOs Status in Last 10 Days:WARNING: Modified" | WARNING: Modified | IOC |
| Changes to Privileged Groups in Last 15 days TEST IDMS-RECOMMENDED
|
|
"Total Privileged Groups Modified in Last 15 Days in All Domains:13" | 13 | IOC |
| Built-In Admin Account Not protected TEST IDMS-RECOMMENDED
|
|
"Default Administrator Account not protected in all domains:1" | 1 | IOE IOC |
| Built-In Admin Account Not Disabled TEST IDMS-RECOMMENDED
|
|
"Default Admin Account not disabled in Total Domains:1" | 1 | IOE IOC |
| Built-In Admin Account Not Renamed TEST IDMS-RECOMMENDED
|
|
"Default Admin Account not renamed in Total Domains:1" | 1 | IOE |
| Built-In Admin Account was used in last 10 days TEST IDMS-RECOMMENDED
|
|
"Total Domains in which Default Administrator account was used in last 10 days:1" | 1 | IOC |
| Guest Account is not renamed TEST IDMS-RECOMMENDED
|
|
"Guest Account not renamed in Total Domains:1" | 1 | IOE |
| Missing Privileged Groups in Protected Users Group TEST IDvuln3_protected_users
|
|
"Total Missing Privileged Groups in Protected Users Group:Not In Use" | Not In Use | IOE IOC |
| Privileged Accounts Pass Never Expires TEST IDvuln2_dont_expire
|
|
"Total Privileged Accounts set to Password Never Expire in all Domains:0" | 34 | IOE IOC |
| Too Many Privileged Accounts TEST IDvuln_privileged_members
|
|
"Affected AD Domains:0" | 20 | IOC |
| Inactive Admins TEST IDvuln1_user_accounts_dormant
|
|
"Total Enabled Admin Accounts Not In Use Since Last 30 Days:0" | 19 | IOE |
| Privileged Groups Contain more than 20 members TEST IDvuln1_privileged_members
|
|
"Privileged Groups Contain More than 20 members:0" | 18 | IOE |
| Kerberos Pre-authentication Disabled TEST IDvuln1_kerberos_properties_preauth_priv
|
|
"Total Pre-Authentication Admins in all domains:0" | 55 | IOE IOC |
| Privileged Groups Contained Computer Accounts TEST IDMS-RECOMMENDED
|
|
"Total computer accounts part of privileged groups:0" | 90 | IOE IOC |
| Privileged Admins missing AdminCount=1 Flag TEST IDMS-RECOMMENDED
|
|
"Total Admins not set with AdminCount=1 flag in all domains:0" | 87 | IOC |
| ForeignSecurityPrincipals In Privileged Groups TEST IDMS-RECOMMENDED
|
|
"Total ForeignSecurityPrincipal in Privileged Groups:0" | 64 | IOE IOC |
| Operators Groups are not empty TEST IDMS-RECOMMENDED
|
|
"Operators Groups containing total members in all domains:0" | 10 | IOE IOC |
| Password Do Not Expire TEST IDvuln1_dont_expire_priv
|
|
"Total Admin Accounts set to PasswordNeverExpires:1" | 12 | IOE |
| Default Domain Policy-Minimum Password Length TEST IDvuln2_privileged_members_password
|
|
"Account Policies Not Configured correctly in Total Domains:1" | 1 | IOE |
| FGPP Policies-Minimum Password Length TEST IDvuln2_privileged_members_password
|
|
"FGPP Not Configured Correctly In Domains:Not Created" | Not Created | IOE |
| FGPP Policies Not Applying TEST IDMS-RECOMMENDED
|
|
"Total FGPP Not Applying in All Domains:Not Created" | Not Created | IOE |
| AllowNT4Crypto DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with AllowNT4Crypto Enabled:1" | 1 | IOE |
| RC4 Encryption Enabled DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers With RC4 Encryption Enabled:1" | 1 | IOE |
| Missing Updates DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs Not Updated Since Last 45 Days:1" | 1 | IOE |
| Errors and Warnings in Log DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with Event Log Errors:1" | 1 | IOE |
| Scheduled Tasks found on Domain Controllers TEST IDMS-RECOMMENDED
|
|
"Total Scheduled Tasks on DCs:3" | 3 | IOC |
| Software Installed on Domain Controllers TEST IDMS-RECOMMENDED
|
|
"Total Software Installed on DCs:6" | 6 | IOE |
| Sites without Subnets Association TEST IDMS-RECOMMENDED
|
|
"Total AD Sites Without Subnets:1" | 1 | |
| PDC Emulator Time Source TEST IDMS-RECOMMENDED
|
|
"Root PDC Time Source:Internal Source" | Internal Source | |
| Disabled GPOs TEST IDMS-RECOMMENDED
|
|
"Total Disabled GPOs:0" | 23 | |
| GPOs not Linked to OUs TEST IDMS-RECOMMENDED
|
|
"Total OUs without GPO Linked:0" | 23 | IOE |
| GPOs not Applying TEST IDMS-RECOMMENDED
|
|
"Total GPOs not applying correctly in All Domains:0" | 34 | |
| Orphaned GPO Containers TEST IDMS-RECOMMENDED
|
|
"Total Orphaned Group Policy Objects:0" | 34 | |
| Found GPOs with Block Inheritance TEST IDMS-RECOMMENDED
|
|
"Total GPOs with Block Inheritance Defined:0" | 2 | |
| GPO Naming Convention TEST IDMS-RECOMMENDED
|
|
"Number Of GPOs do not follow Standard Naming Convention:0" | 32 | |
| Found GPO with WMI Filters TEST IDMS-RECOMMENDED
|
|
"Total GPO with WMI Filter:0" | 45 | |
| Domain GPO Application Status TEST IDMS-RECOMMENDED
|
|
"Total GPOs Not Applied:0" | 23 | |
| No Group Policy Objects Defining Log Size and Retention TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:1" | 23 | |
| No Group Policy Objects to Prevent Domain Admins from logging on to Workstations or Servers Found TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:1" | 1 | |
| No Group Policy Objects to Block ISO Execution Found TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:1" | 1 | |
| No Group Policy Objects to Mitigate SMBv1 Found TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:1" | 1 | |
| No Group Policy Objects Enforcing UAC Prompt for Elevation Found TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:1" | 1 | |
| No Group Policy Objects to Mitigate Accidental Script Execution TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:1" | 1 | |
| No Group Policy Objects to Mitigate NTLMv1 Protocol TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:1" | 1 | |
| High Value Targets Found TEST IDMS-RECOMMENDED
|
|
"Total High Value Targets Found:2" | 2 | IOE IOC |
| Access Control Lists on Computers Found TEST IDMS-RECOMMENDED
|
|
"Total Abusable ACLs on Computer Objects:0" | 23 | IOE IOC |
| Access Control Lists on Security Groups Found TEST IDMS-RECOMMENDED
|
|
"Found Dangerous Group Permissions in AD Domains:0" | 23 | IOE IOC |
| Access Control Lists on Users Found TEST IDMS-RECOMMENDED
|
|
"Found Dangerous User Permissions:0" | 23 | IOE IOC |
| Group Policy Objects with Improper Permissions Found TEST IDMS-RECOMMENDED
|
|
"Abusable GPO Permissions found in Total AD Domains:0" | 23 | IOE IOC |
| Group Policy Object Assignments with Improper Permissions Found TEST IDMS-RECOMMENDED
|
|
"Total Abusable GPO Permissions in AD Domains:0" | 23 | IOE IOC |
| Dangerous Permissions Found on MicrosoftDNS Container TEST IDvuln_permissions_msdns
|
|
"AD Domains Affected:0" | 23 | IOE IOC |
| Dangerous Permissions Found on Naming Contexts TEST IDvuln_permissions_naming_context
|
|
"AD Domains Affected:0" | 23 | IOE IOC |
| Pre-Windows 2000 Compatible Access Group is not empty TEST IDvuln_compatible_2000_anonymous
|
|
"Number of AD Domains Affected:0" | 23 | IOE IOC |
| Found Groups with SID history Set TEST IDvuln_sidhistory_present
|
|
"Total Groups With sIDHistory Affected domains:0" | 23 | IOE IOC |
| Normal Users Full Control Permissions on OUs TEST IDMS-RECOMMENDED
|
|
"Total Normal User Accounts with Full Control Rights to Organizational Units in all Domains:0" | 0 | IOE IOC |
| EVERYONE Full Control Permissions on OUs TEST IDMS-RECOMMENDED
|
|
"Total Organizational Units with Everyone Full Control Access Rights:0" | 23 | IOE IOC |
| Abusable Permissions Found on SYSVOL and NETLOGON TEST IDMS-RECOMMENDED
|
|
"Abusable Permissions Found on SYSVOL and Netlogon Shares:Ok" | Ok | IOE IOC |
| LAPS SearchFlag modified TEST IDMS-RECOMMENDED
|
|
"LAPS SearchFlags Modified:Modified" | Modified | IOE IOC |
| Unauthorized Users having GPLink Rights on Domain NC TEST IDMS-RECOMMENDED
|
|
"AD Domains Affected:0" | 23 | IOE IOC |
| Unauthorized Users having GPLink Rights on Domain Controllers OU TEST IDMS-RECOMMENDED
|
|
"AD Domains Affected:0" | 23 | IOE IOC |
| Unauthorized Users having GPLink Rights on AD Sites TEST IDMS-RECOMMENDED
|
|
"AD Sites Affected:0" | 23 | IOE IOC |
| AD Recycle Bin Status TEST IDMS-RECOMMENDED
|
|
"AD Recycle Bin Status:Disabled" | Disabled | |
| Privileged Management Status TEST IDMS-RECOMMENDED
|
|
"Privileged Access Management Status:Disabled" | Disabled | |
| Managed Service Accounts Status TEST IDMS-RECOMMENDED
|
|
"Managed Service Accounts Status:Are not in use" | Are not in use | |
| Missing SSL Authentication DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs without SSL:1" | 1 | IOE |
| Missing Enough DNS Servers in NIC DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs With inadequate Number Of DNS Servers in NIC Property:1" | 1 | |
| Not Enough Local Disks DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs Not Configured With Recommended Disk Configuration:1" | 1 | |
| Missing AD Sites Coverage TEST IDMS-RECOMMENDED
|
|
"Total AD Sites Not Covered:1" | 1 | |
| Sites Missing Bridgehead Server TEST IDMS-RECOMMENDED
|
|
"Number Of AD Sites Without Bridgehead Servers:1" | 1 | |
| AD Sites Redundancy TEST IDMS-RECOMMENDED
|
|
"Total AD Sites with Only One Domain Controller:1" | 1 | |
| Unprotected OUs TEST IDMS-RECOMMENDED
|
|
"Total Ous not protected:1" | 1 | |
| gMSA Accounts Status TEST IDMS-RECOMMENDED
|
|
"Total Domains With gMSA Accounts:0" | 0 | |
| Additional Roles and Features DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers with Additional Roles and Features:1" | 1 | IOE |
| Replication Interval Not Optimized Sites TEST IDMS-RECOMMENDED
|
|
"Replication Interval is not optimized for Site Links:1" | 1 | |
| Security Groups without Objects TEST IDMS-RECOMMENDED
|
|
"Total Empty Security Groups In All Domains:32" | 32 | |
| Users without UPN specified TEST IDMS-RECOMMENDED
|
|
"Total Users with UPN Blank in all Domains:3" | 3 | |
| Missing Location Text in AD Sites TEST IDMS-RECOMMENDED
|
|
"Total AD Sites Not Defined With Location:1" | 1 | |
| GPO Description TEST IDMS-RECOMMENDED
|
|
"Number of GPOs not set with Description:2" | 23 | |
| Orphaned Admins on AdminSDHolder TEST IDvuln1_permissions_adminsdholder
|
|
"Total Possible Orphaned Admins in all Domains on AdminSDHolder object:0" | 0 | IOC |
| Dangerous Permissions on AdminSDHolder TEST IDvuln1_privileged_members_perm vuln2_privileged_members_perm
|
|
"AD Domains Affected:0" | 0 | IOC |
| Constrained delegation to domain controller service TEST IDvuln1_delegation_a2d2
|
|
"Total Computers with Constrained Delegation in all Domains:0" | 0 | IOC |
| Resource-based constrained delegation on domain controllers TEST IDvuln1_delegation_sourcedeleg
|
|
"Total Computers with Resource-Based Delegation in all Domains:0" | 0 | IOC |
| Anonymous Access to Active Directory TEST IDvuln1_dsheuristics_bad
|
|
"Anonymous Access To Active Directory:0" | 0 | IOE |
| Anonymous or EVERYONE in Pre-Windows 2000 Group TEST IDvuln2_compatible_2000_anonymous
|
|
"Number of Domains Affected:0" | 0 | IOE IOC |
| Found Hidden Domain Controllers TEST IDMS-RECOMMENDED
|
|
"Total Hidden Domain Controllers:0" | 0 | IOE |
| Successful Exploit Machine Accounts Found TEST IDMS-RECOMMENDED
|
|
"Total Exploit Machine Accounts:0" | 0 | IOE |
| Possible User-based Service Accounts found TEST IDMS-RECOMMENDED
|
|
"Total Possible User-Based Service Accounts:0" | 0 | IOC |
| Domain Trusts Found TEST IDMS-RECOMMENDED
|
|
"Domain Trusts Status:Not Found" | Not Found | IOE IOC |
| Replication Errors DCs TEST IDMS-RECOMMENDED
|
|
"Total DCS in Replication Errors:0" | 0 | IOE |
| Allowed RODC Password Replication Group is not empty TEST IDvuln3_rodc_allowed_group
|
|
"Total Members in RODC Replication Group:0" | 0 | IOE |
| Managed service accounts with passwords unchanged for more than 90 days TEST IDvuln_password_change_msa_no_change_90
|
|
"Total Managed Service Accounts Password Unchanged Since last 90 days:0" | 0 | IOE |
| msDS-NeverRevealGroupattribute RODC missing Privileged Accounts TEST IDvuln3_rodc_never_reveal
|
|
"Total Privileged Groups Not in PRP Denied List:0" | 0 | IOE |
| Unsecure Updates Zones TEST IDvuln1_dnszone_bad_prop vuln3_dnszone_bad_prop
|
|
"Total DNS Zones accepting non-secure updates:0" | 0 | IOE IOC |
| Users with LastPasswordSet was never Set TEST IDvuln2_dont_expire
|
|
"Total Users with LastPasswordSet was never set in all Domains:0" | 20 | IOE |
| Users with PWDLastSet to ZERO TEST IDvuln1_user_accounts_dormant
|
|
"Total Users with PWDLastSet to ZERO in all Domains:0" | 23 | IOE |
| Users with SPNs Configured TEST IDvuln1_spn_priv
|
|
"Total Users with SPN defined in all Domains:0" | 23 | IOE |
| Password Expiration is missing for smart card users TEST IDvuln_smartcard_expire_passwords
|
|
"AD Domains Affected:0" | 4 | IOE |
| Accounts vulnerable to Kerberoasting Found TEST IDMS-RECOMMENDED
|
|
"Total Kerberoasting Accounts Found:0" | 23 | IOE |
| Users With DES encryption TEST IDvuln2_kerberos_properties_deskey
|
|
"Total Users with DES Encryption in all Domains:0" | 23 | IOE |
| Users With Reversible Encryption TEST IDvuln3_reversible_password
|
|
"Total Users with Reversible Encryption set in all Domains:0" | 23 | IOE |
| Users With Kerberos Pre-Authentication TEST IDvuln1_kerberos_properties_preauth_priv vuln2_kerberos_properties_preauth
|
|
"Total Pre-Authentication Users in all domains:0" | 23 | IOE |
| Users Modified with PrimaryGroupID TEST IDvuln3_primary_group_id_nochange vuln1_primary_group_id_1000
|
|
"Total Users with PrimaryGroupID Modified in all Domains:0" | 23 | IOC |
| Users Sending Bad Logons TEST IDMS-RECOMMENDED
|
|
"Total Users sending Bad Logons in all Domains:0" | 23 | IOC |
| Users Disabled TEST IDvuln_user_accounts_dormant
|
|
"Total Disabled Users in all Domains:0" | 234 | IOC |
| Stale User Accounts TEST IDvuln1_user_accounts_dormant
|
|
"Total Stale User Accounts in all Domains:0" | 400 | IOC |
| Users Expired TEST IDMS-RECOMMENDED
|
|
"Total Expired Users in all Domains:0" | 200 | IOC |
| User Accounts Pass Not Required TEST IDvuln2_dont_expire
|
|
"Total Users with Password Not Required set in all Domains:0" | 0 | IOC |
| Computers with SPNs Configured TEST IDvuln1_spn_priv
|
|
"Total Computers using ServicePrincipalNames in all Domains:0" | 0 | IOE |
| Computers With Unconstrained Delegation TEST IDvuln2_delegation_t4d
|
|
"Total Computers with Unconstrained Delegation in all Domains:0" | 0 | IOE |
| Computers Modified with PrimaryGroupID TEST IDvuln3_primary_group_id_nochange vuln1_primary_group_id_1000
|
|
"Total Computers modified with PrimaryGroupID:0" | 0 | IOC |
| Computers Sending Bad Logons TEST IDMS-RECOMMENDED
|
|
"Total Computers sending Bad Logon Attempts in all Domains:0" | 0 | IOC |
| Computers Disabled TEST IDvuln_user_accounts_dormant
|
|
"Total Disabled Computer Accounts in all Domains:0" | 140 | IOC |
| Stale Computer Accounts TEST IDvuln1_user_accounts_dormant
|
|
"Total Stale Computer Accounts in all Domains:0" | 200 | IOC |
| Unsupported Operating Systems TEST IDMS-RECOMMENDED
|
|
"Total End Of Life-Unsupported Operating Systems:0" | 0 | IOE |
| Admins with SPNs Configured TEST IDvuln1_spn_priv
|
|
"Total Admin Accounts With ServicePrincipalName Identified:0" | 0 | IOE |
| Admins Sending Bad Logons TEST IDMS-RECOMMENDED
|
|
"Total Privileged Users With Bad Logon Attempts:0" | 0 | IOC |
| Domain Controllers not owned by Admins TEST IDvuln1_permissions_dc
|
|
"Total Domain Controllers owned by non-privileged accounts:0" | 0 | IOC |
| Computer Objects not managed by Admins TEST IDvuln3_owner
|
|
"Total Computers Not Managed By Admins in all Domains:0" | 0 | IOC |
| Organizational Units not managed by Admins TEST IDvuln3_owner
|
|
"Total Organizational Units Not Managed By Admins:0" | 0 | IOC |
| Recently Created Privileged Admins TEST IDMS-RECOMMENDED
|
|
"Total Privileged Accounts created in last 10 days in all domains:0" | 0 | IOC |
| Users Identified with Privileged SIDs in sIDHistory TEST IDMS-RECOMMENDED
|
|
"Total Users containing Admin Accounts in sIDHistory in all Domains:0" | 0 | IOC |
| Computers Identified with Privileged SIDs in sIDHistory TEST IDMS-RECOMMENDED
|
|
"Total Computers containing Admin Accounts in sIDHistory in all Domains:0" | 0 | IOC |
| Found Excluded Groups by AdminSDHolder and SDProp TEST IDMS-RECOMMENDED
|
|
"Total Excluded Groups by SDProp Process:0" | 0 | IOC |
| krbtgt Account with Resource-Based Constrained Delegation TEST IDMS-RECOMMENDED
|
|
"Affected number of Domains:0" | 0 | IOC |
| Built-In Admin Account Password Not Changed in 90 days TEST IDMS-RECOMMENDED
|
|
"Total Domains in which Default Administrator password not changed since last 90 days:0" | 0 | IOE |
| KRBTGT Account Password Not Changed TEST IDvuln2_krbtgt
|
|
"Total Domains Using KRBTGT Old Password:0" | 0 | IOE |
| Guest Account is enabled TEST IDMS-RECOMMENDED
|
|
"Total Guest Accounts Enabled in All Domains:0" | 0 | IOE |
| Administrator Account ServicePrincipalNames Found TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:0" | 0 | IOE |
| Disabled Admins part of Privileged Groups TEST IDMS-RECOMMENDED
|
|
"Total Disabled Admins In Privileged Groups:0" | 23 | IOE |
| Passwords Not Changed within 90 days TEST IDvuln1_password_change_priv
|
|
"Total Admin Accounts Did Not Change Their Passwords Since Last 90 Days:0" | 23 | IOE |
| DNSAdmins Group has members TEST IDvuln1_dnsadmins and vuln1_permissions_msdn
|
|
"Total Members In DNSAdmins Group In All Domains:0" | 45 | IOE IOC |
| AdminsCount Flag set users not acting as Admins TEST IDMS-RECOMMENDED
|
|
"Total Unknown Admins Found:0" | 232 | IOC |
| Account Lockout Policies Missing TEST IDMS-RECOMMENDED
|
|
"Total Accounts Locked Out in All Domains:0" | 0 | IOE |
| Domain Controllers Modified with PrimaryGroupID TEST IDvuln3_primary_group_id_nochange vuln1_primary_group_id_1000
|
|
"Total Domain Controllers modified with PrimaryGroupID:0" | 0 | IOC |
| SMB 1 Protocol Enabled DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers with SMB1 Server Protocol Enabled:0" | 0 | IOE |
| SMB 1 Client Protocol Enabled DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers with SMB1 Client Service Enabled:0" | 0 | IOE |
| LAN Manager password hashes Enabled DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with LAN Manager Password Hashes:0" | 0 | IOE |
| SMB Signing Disabled DCs TEST IDMS-RECOMMENDED
|
|
"Total Domains Controller Without SMB Signing:0" | 0 | IOE |
| LDAP Signing Disabled DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers Without LDAP Signing:0" | 0 | IOE |
| Inconsistent DCs TEST IDvuln1_dc_inconsistent_uac
|
|
"Total Domain Controllers in Inconsistent State:0" | 0 | IOE |
| Unauthenticated DCs since last 45 Days TEST IDvuln1_password_change_inactive_dc
|
|
"Total Domain Controllers Not Authenticated Within 45 days In All Domains:0" | 0 | IOE |
| Secrets not renewed DCs TEST IDvuln1_password_change_dc_no_change
|
|
"Total Domain Controllers Not Changed Password Within 45 Days In All Domains:0" | 0 | IOE |
| Missed Reboot Cycles DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs Not Rebooted Since Last 30 Days:0" | 0 | IOE |
| No Contacts with Domain Controllers in Last Three Months TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers not contacted since last three months:0" | 0 | IOE |
| Ensure UNC Paths for SYSVOL and NETLOGON are harderend TEST IDMS-RECOMMENDED
|
|
"SYSVOL and Netlogon Hardening Missing on Total DCs:0" | 0 | IOE |
| Orphaned DCs TEST IDvuln1_dc_inconsistent_uac
|
|
"Total Orphaned Domain Controllers:0" | 0 | IOE |
| Missing DNS Forwarders DCs TEST IDMS-RECOMMENDED
|
|
"Total DNS Servers Do Not Have Forwarders Configured:0" | 0 | IOE |
| Missing Root Hints DCs TEST IDMS-RECOMMENDED
|
|
"Total DNS Servers Do Not Have Root Hints Configured:0" | 0 | IOE |
| Missing Host Records DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs Missing Host Records in DNS:0" | 0 | IOE |
| Not Enough Free Space DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with Low Disk Space:0" | 0 | IOE |
| Loopback Address Missing DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs not configured with Loopback Address:0" | 0 | IOE |
| Multihomed DCs TEST IDMS-RECOMMENDED
|
|
"Total DCS in Multihomed State:0" | 0 | IOE |
| NTFS Replication DCs TEST IDvuln2_sysvol_ntfrs
|
|
"Total Domain Controllers utilizing NTFRS for AD Replication:0" | 0 | IOE |
| Strict Replication Disabled DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with Strict Replication Consistency not enabled:0" | 0 | IOE IOC |
| DCDiag Failure DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with DCDiag Failures:0" | 0 | |
| Out Of Default OUs DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs outside of it's Default OU:0" | 0 | |
| Unsupported OS DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs running Unsupported Operating Systems:0" | 0 | IOE |
| Missing DNS Dynmaic Registration on NIC DCs TEST IDMS-RECOMMENDED
|
|
"Total DCS NIC Dynamic Updates Not Enabled:0" | 0 | |
| Missing _msdcs Zone DCs TEST IDMS-RECOMMENDED
|
|
"Total DNS Servers Missing _msdcs Zone:0" | 0 | |
| Event Log Config Not Correct DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with Event Log misconfiguration:0" | 0 | |
| Event Log Size Not Optimized DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with Event Log Size not optimal:0" | 0 | |
| Fax Server role installed DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers have Fax Server Installed::0" | 0 | IOE |
| Microsoft FTP service installed DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers have FTP Server Installed::0" | 0 | IOE |
| Peer Name Resolution Protocol installed DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers have Peer Name Resolution Protocol Installed::0" | 0 | IOE |
| Simple TCP-IP Services installed DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers have Simple TCP/IP Services Installed::0" | 0 | IOE |
| Telnet Client installed DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers have Telnet Client Installed::0" | 0 | IOE |
| TFTP Client installed DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers have TFTP Client Installed::0" | 0 | IOE |
| Server Message Block (SMB) v1 protocol Installed DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers have SMB 1.0/CIFS File Sharing Support Installed::0" | 0 | IOE |
| Windows PowerShell 2.0 installed DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers have Windows PowerShell 2.0 Engine Installed::0" | 0 | IOE |
| ADWS Service Set to Manual DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs ADWS Not Set to Start Automatic:0" | 0 | IOE |
| DHCP Service Running DCs TEST IDMS-RECOMMENDED
|
|
"Total Domain Controllers with DHCP Server running:0" | 0 | IOE |
| AD Services not running DCs TEST IDMS-RECOMMENDED
|
|
"Total DCs with Services Not Running:0" | 0 | IOE |
| Total Undefined Subnets TEST IDMS-RECOMMENDED
|
|
"Total Undefined Subnets in AD Forest:0" | 0 | |
| Sites without ISTG Role TEST IDMS-RECOMMENDED
|
|
"Total AD Sites Do Not Have ISTG Defined:0" | 0 | |
| Manual Replication Connection Objects TEST IDMS-RECOMMENDED
|
|
"Total Manual Replication Connection Objects:0" | 0 | |
| Missing Global Catalog Sites TEST IDMS-RECOMMENDED
|
|
"Total AD Sites Without Global Catalog Servers or No Universal Group Caching Enabled:0" | 0 | |
| Duplicate Site Links TEST IDMS-RECOMMENDED
|
|
"Total Duplicate Site Links:0" | 0 | |
| Sites With Manual Bridgehead Server TEST IDMS-RECOMMENDED
|
|
"Number Of AD Sites With Manual Bridgehead Servers:0" | 0 | |
| Sites creating Mesh Topology TEST IDMS-RECOMMENDED
|
|
"Total AD Site Links Containing More than Two AD Sites:0" | 0 | |
| AD Sites without Site Link TEST IDMS-RECOMMENDED
|
|
"Total AD Sites Not In Site Links:0" | 0 | |
| AD Sites without Domain Controller TEST IDMS-RECOMMENDED
|
|
"Total AD Sites Without Domain Controllers:0" | 0 | |
| Domain Controllers Time Source TEST IDMS-RECOMMENDED
|
|
"Total DCs Not Defined With Correct Time-Source:0" | 0 | |
| Domain FSMO Placement TEST IDMS-RECOMMENDED
|
|
"AD FSMO Placement Status:FSMO Placement is correct." | FSMO Placement is correct. | |
| Domain Naming Master and Schema Master Placement TEST IDMS-RECOMMENDED
|
|
"Status:Hosted on same computer" | Hosted on same computer | |
| Managed Service Accounts Not Linked TEST IDMS-RECOMMENDED
|
|
"Total Managed Service Accounts are not Linked:0" | 0 | IOE |
| TombstoneLifeTime Modified? TEST IDMS-RECOMMENDED
|
|
"Current TombstoneLifeTime Value:180" | 180 | |
| Check AD Forest Functional Level TEST IDMS-RECOMMENDED
|
|
"AD Forest Functional Level:Dynamicpacks.net is Windows2016Forest" | Dynamicpacks.net is Windows2016Forest | |
| Check AD Domain Functional Level TEST IDMS-RECOMMENDED
|
|
"Status:Ok" | Ok | |
| Ogranizational Units without Objects TEST IDMS-RECOMMENDED
|
|
"Total Empty Organizational Units In All Domains:0" | 0 | |
| Duplicate SPNs TEST IDvuln1_delegation_sourcedeleg
|
|
"Total Duplicate SPNs in AD Domains:0" | 0 | |
| Unauthenticated Servers TEST IDvuln2_password_change_server_no_change_90
|
|
"Total Servers Not Authenticated Within 90 Days in All Domains:0" | 0 | IOE IOC |
| Secrets not renewed Servers TEST IDvuln3_password_change_server_no_change_45
|
|
"Total Servers Not Changing Password within 45 days in all Domains:0" | 0 | IOE IOC |
| AD Forest Schema Not upto date TEST IDvuln2_adupdate_bad
|
|
"Current Forest Schema Version Status:OK:88" | OK:88 | IOE |
| Found Unused Netlogon Scripts TEST IDMS-RECOMMENDED
|
|
"Total Unused Scripts In All Domains:0" | 0 | IOE IOC |
| No Group Policy Objects for Preventing passwords using reversible encryption TEST IDMS-RECOMMENDED
|
|
"Total AD Domains Affected:0" | 0 | |
| GPO Preferences Containing Passwords TEST IDMS-RECOMMENDED
|
|
"GPO Preferences Containing Password in All AD Domains:0" | 0 | |
| Too many DNS Static Records TEST IDMS-RECOMMENDED
|
|
"Total Static Records:0" | 0 | IOC |
| DNS Round-Robin Not Enabled TEST IDMS-RECOMMENDED
|
|
"Total DNS Servers Not Enabled With Round Robin:0" | 0 | |
| Conditional Forwarders Not Working TEST IDMS-RECOMMENDED
|
|
"Total Conditional Forwarders Configured:0" | 0 |
| AD Domain | Blank Password | LastPassword Unset | Stale | Disabled | Pass Never Expires | Expired | Reversible Enc | DES Enc | PrimaryGroupID Modified | PWDLastSet Unset | Kerberos Pre-Auth | With SPNs | Sending Bad Logons | Password Not Required | Unconstrained Delegation |
| Dynamicpacks.net | Blank PAssword | Blank PAssword | Inactive | 0 | 1 | 0 | 0 | 50 | 0 | 0 | 0 | 0 | 0 | 40 | NOT FOUND |
| Domaintwo.com | Blank Password | Blank Password | Inactive | 0 | 1001 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 40 | NOT FOUND |
| Domain | HostName | IPv4Address | IPv6Address | IsGlobalCatalog | IsReadOnly | OperatingSystem | OperatingSystemServicePack | Site | SslPort |
| Dynamicpacks.net | dc114.Dynamicpacks.net | 172.16.31.114 | True | False | Windows Server 2019 Standard Evaluation | Default-First-Site-Name | 636 |
The Consolidation/Migration Score shows details about the score for two types of items; Objects and Security Risks. Objects Score indicates the objects such as users, groups, admins, computers and Operating System that require remediation. Security Risks Score indicates the risks that need to be mitigated before the migration. It also tells you whether the source AD Domain is ready for migration or not. Below summary is for all AD Domains. If you need to see the information for a specific domain then please select the AD Domain from the list.
Domain: DynamicPacks.net
MIGRATION SCORE
% of Migration Ready
| Categories | % Stale Inactive/Disabled |
% Security Risks |
|---|---|---|
| Users | ||
| Computers | ||
| Admins | ||
| Servers | ||
| Operating Systems | ||
| Groups | ||
| Admin Groups | ||
| Domain Controllers | ||
| AD GPOs | ||
| AD Permissions | ||
| Organizational Units |
| Item | # Of Items |
|---|---|
| Users Disabled | 234 |
| Stale User Accounts | 400 |
| Users Expired | 200 |
| Item | # Of Items |
|---|---|
| Computers Disabled | 140 |
| Stale Computer Accounts | 200 |
| Item | # Of Items |
|---|---|
| Computers with SPNs Configured | 0 |
| Computers With Unconstrained Delegation | 0 |
| Computers Modified with PrimaryGroupID | 0 |
| Computers Sending Bad Logons | 0 |
| Unsupported Operating Systems | 0 |
| Item | # Of Items |
|---|---|
| Inactive Admins | 19 |
| Disabled Admins part of Privileged Groups | 23 |
| Item | # Of Items |
|---|---|
| Disabled GPOs | 23 |
| GPOs not Linked to OUs | 23 |
| GPOs not Applying | 34 |
| Item | # Of Items |
|---|
| Test | Severity | Impact | Recommendation |
| Lock screen camera status | |
||
| Lock screen slide show status | |
Setting is not configured at all or not configured correctly. Slide shows that are displayed on the lock screen could display sensitive information to unauthorized personnel. Turning off this feature will limit access to the information to a logged-on user. | Configure the policy value for Computer Configuration >> Administrative Templates >> Control Panel >> Personalization >> Prevent enabling lock screen slide show to Enabled. |
| Passwords to be saved status | |
Setting is not configured at all or not configured correctly. Saving passwords in the Remote Desktop Client could allow an unauthorized user to establish a remote desktop session to another system. The system must be configured to prevent users from saving passwords in the Remote Desktop Client. Satisfies: SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00156 | Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Connection Client >> Do not allow passwords to be saved to Enabled. |
| Always prompt for password upon connection status | |
Setting is not configured at all or not configured correctly. This setting controls the ability of users to supply passwords automatically as part of their remote desktop connection. Disabling this setting would allow anyone to use the stored credentials in a connection item to connect to the terminal server. Satisfies: SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00156 | Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Security >> Always prompt for password upon connection to Enabled. |
| Require secure RPC communication status | |
Setting is not configured at all or not configured correctly. Allowing unsecure RPC communication exposes the system to man-in-the-middle attacks and data disclosure attacks. A man-in-the-middle attack occurs when an intruder captures packets between a client and server and modifies them before allowing the packets to be exchanged. Usually the attacker will modify the information in the packets in an attempt to cause either the client or server to reveal sensitive information. | Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Security >> Require secure RPC communication to Enabled. |
| Set client connection encryption level status | |
Setting is not configured at all or not configured correctly. Remote connections must be encrypted to prevent interception of data or sensitive information. Selecting High Level will ensure encryption of Remote Desktop Services sessions in both directions. | Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Security >> Set client connection encryption level to Enabled with High Level selected. |
| Windows Defender SmartScreen status | |
||
| AutoPlay status | |
Setting is not configured at all or not configured correctly. Allowing AutoPlay to execute may introduce malicious code to a system. AutoPlay begins reading from a drive as soon media is inserted into the drive. As a result, the setup file of programs or music on audio media may start. By default, AutoPlay is disabled on removable drives, such as the floppy disk drive (but not the CD-ROM drive) and on network drives. Enabling this policy disables AutoPlay on all drives. | Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> AutoPlay Policies >> Turn off AutoPlay to Enabled with All Drives selected. |
| Default behavior for AutoRun status | |
Setting is not configured at all or not configured correctly. Allowing AutoRun commands to execute may introduce malicious code to a system. Configuring this setting prevents AutoRun commands from executing. | Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> AutoPlay Policies >> Set the default behavior for AutoRun to Enabled with Do not execute any autorun commands selected. |
| UNC Paths Hardened status | |
Setting is not configured at all or not configured correctly. Additional security requirements are applied to Universal Naming Convention (UNC) paths specified in hardened UNC paths before allowing access to them. This aids in preventing tampering with or spoofing of connections to these paths. | Configure the policy value for Computer Configuration >> Administrative Templates >> Network >> Network Provider >> Hardened UNC Paths to Enabled with at least the following configured in Hardened UNC Paths: (click the Show button to display) Value Name: \*SYSVOL |
| Insecure guest logons status | |
Setting is not configured at all or not configured correctly. Insecure guest logons allow unauthenticated access to shared folders. Shared resources on a system must require authentication to establish proper access. | Configure the policy value for Computer Configuration >> Administrative Templates >> Network >> Lanman Workstation >> Enable insecure guest logons to Disabled. |
| Audit- Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings status | |
Setting is not configured at all or not configured correctly. The built-in guest account is a well-known user account on all Windows systems and, as initially installed, does not require a password. This can allow access to system resources by unauthorized users. Renaming this account to an unidentified name improves the protection of this account and the system. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Accounts: Rename guest account to a name other than Guest. |
| Domain controller- LDAP server signing requirements status | |
Setting is not configured at all or not configured correctly. Unsigned network traffic is susceptible to man-in-the-middle attacks, where an intruder captures packets between the server and the client and modifies them before forwarding them to the client. In the case of an LDAP server, this means that an attacker could cause a client to make decisions based on false records from the LDAP directory. The risk of an attacker pulling this off can be decreased by implementing strong physical security measures to protect the network infrastructure. Furthermore, implementing Internet Protocol security (IPsec) authentication header mode (AH), which performs mutual authentication and packet integrity for Internet Protocol (IP) traffic, can make all types of man-in-the-middle attacks extremely difficult. Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Domain controller: LDAP server signing requirements to Require signing. |
| Domain controller- Refuse machine account password changes status | |
Setting is not configured at all or not configured correctly. Enabling this setting on all domain controllers in a domain prevents domain members from changing their computer account passwords. If these passwords are weak or compromised, the inability to change them may leave these computers vulnerable. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Domain controller: Refuse machine account password changes to Disabled. |
| Domain member- Digitally encrypt secure channel data (when possible) status | |
Setting is not configured at all or not configured correctly. Requests sent on the secure channel are authenticated, and sensitive information (such as passwords) is encrypted, but not all information is encrypted. If this policy is enabled, outgoing secure channel traffic will be encrypted. Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Domain member: Digitally encrypt secure channel data (when possible) to Enabled. |
| Domain member- Digitally sign secure channel data (when possible) status | |
Setting is not configured at all or not configured correctly. Requests sent on the secure channel are authenticated, and sensitive information (such as passwords) is encrypted, but the channel is not integrity checked. If this policy is enabled, outgoing secure channel traffic will be signed. Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Domain member: Digitally sign secure channel data (when possible) to Enabled. |
| Domain member- Disable machine account password changes status | |
Setting is not configured at all or not configured correctly. Computer account passwords are changed automatically on a regular basis. Disabling automatic password changes can make the system more vulnerable to malicious access. Frequent password changes can be a significant safeguard for the system. A new password for the computer account will be generated every 30 days. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Domain member: Disable machine account password changes to Disabled. |
| Domain member- Maximum machine account password age status | |
Setting is not configured at all or not configured correctly. Computer account passwords are changed automatically on a regular basis. This setting controls the maximum password age that a machine account may have. This must be set to no more than 30 days, ensuring the machine changes its password monthly. | This is the default configuration for this setting (30 days). Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Domain member: Maximum machine account password age to 30 or less (excluding 0, which is unacceptable). |
| Domain member- Require strong (Windows 2000 or later) session key status | |
Setting is not configured at all or not configured correctly. A computer connecting to a domain controller will establish a secure channel. The secure channel connection may be subject to compromise, such as hijacking or eavesdropping, if strong session keys are not used to establish the connection. Requiring strong session keys enforces 128-bit encryption between systems. Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Domain member: Require strong (Windows 2000 or Later) session key to Enabled. |
| Interactive logon- Machine inactivity limit status | |
Setting is not configured at all or not configured correctly. Unattended systems are susceptible to unauthorized use and should be locked when unattended. The screen saver should be set at a maximum of 15 minutes and be password protected. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Interactive logon: Machine inactivity limit to 900 seconds or less, excluding 0 which is effectively disabled. |
| Microsoft network client- Digitally sign communications (always) status | |
Setting is not configured at all or not configured correctly. The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in preventing man-in-the-middle attacks. If this policy is enabled, the SMB client will only communicate with an SMB server that performs SMB packet signing. Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Microsoft network client: Digitally sign communications (always) to Enabled. |
| Microsoft network client- Send unencrypted password to third-party SMB servers status | |
Setting is not configured at all or not configured correctly. Some non-Microsoft SMB servers only support unencrypted (plain-text) password authentication. Sending plain-text passwords across the network when authenticating to an SMB server reduces the overall security of the environment. Check with the vendor of the SMB server to determine if there is a way to support encrypted password authentication. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Microsoft Network Client: Send unencrypted password to third-party SMB servers to Disabled. |
| Network access- Do not allow anonymous enumeration of SAM accounts status | |
Setting is not configured at all or not configured correctly. Anonymous enumeration of SAM accounts allows anonymous logon users (null session connections) to list all accounts names, thus providing a list of potential points to attack the system. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network access: Do not allow anonymous enumeration of SAM accounts to Enabled. |
| Network access- Do not allow anonymous enumeration of SAM accounts and shares status | |
Setting is not configured at all or not configured correctly. Allowing anonymous logon users (null session connections) to list all account names and enumerate all shared resources can provide a map of potential points to attack the system. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network access: Do not allow anonymous enumeration of SAM accounts and shares to Enabled. |
| Network security- Allow LocalSystem NULL session fallback status | |
Setting is not configured at all or not configured correctly. NTLM sessions that are allowed to fall back to Null (unauthenticated) sessions may gain unauthorized access. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network security: Allow LocalSystem NULL session fallback to Disabled. |
| Network security- Allow LocalSystem NULL session fallback status | |
Setting is not configured at all or not configured correctly. NTLM sessions that are allowed to fall back to Null (unauthenticated) sessions may gain unauthorized access. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network security: Allow LocalSystem NULL session fallback to Disabled. |
| Network security- LAN Manager authentication level status | |
Setting is not configured at all or not configured correctly. The Kerberos v5 authentication protocol is the default for authentication of users who are logging on to domain accounts. NTLM, which is less secure, is retained in later Windows versions for compatibility with clients and servers that are running earlier versions of Windows or applications that still use it. It is also used to authenticate logons to standalone computers that are running later versions. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network security: LAN Manager authentication level to Send NTLMv2 response only. Refuse LM & NTLM. |
| Network security- LDAP client signing requirements | |
Setting is not configured at all or not configured correctly. This setting controls the signing requirements for LDAP clients. This must be set to Negotiate signing or Require signing, depending on the environment and type of LDAP server in use. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network security: LDAP client signing requirements to Negotiate signing at a minimum. |
| Network security- Minimum session security for NTLM SSP based (including secure RPC) clients status | |
Setting is not configured at all or not configured correctly. Microsoft has implemented a variety of security support providers for use with Remote Procedure Call (RPC) sessions. All of the options must be enabled to ensure the maximum security level. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network security: Minimum session security for NTLM SSP based (including secure RPC) clients to Require NTLMv2 session security and Require 128-bit encryption (all options selected). |
| Network security- Minimum session security for NTLM SSP based (including secure RPC) servers status | |
Setting is not configured at all or not configured correctly. Microsoft has implemented a variety of security support providers for use with Remote Procedure Call (RPC) sessions. All of the options must be enabled to ensure the maximum security level. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network security: Minimum session security for NTLM SSP based (including secure RPC) servers to Require NTLMv2 session security and Require 128-bit encryption (all options selected). |
| System objects- Strengthen default permissions of internal system objects status | |
||
| User Account Control- Admin Approval Mode for the Built-in Administrator account status | |
Setting is not configured at all or not configured correctly. User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting configures the built-in Administrator account so that it runs in Admin Approval Mode. Satisfies: SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00156 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> User Account Control: Admin Approval Mode for the Built-in Administrator account to Enabled. |
| User Account Control- Behavior of the elevation prompt for administrators in Admin Approval Mode status | |
Setting is not configured at all or not configured correctly. User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting configures the elevation requirements for logged-on administrators to complete a task that requires raised privileges. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode to Prompt for consent on the secure desktop. The more secure option for this setting, Prompt for credentials on the secure desktop, would also be acceptable. |
| User Account Control- Behavior of the elevation prompt for standard users status | |
Setting is not configured at all or not configured correctly. User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting controls the behavior of elevation when requested by a standard user account. Satisfies: SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00156 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> User Account Control: Behavior of the elevation prompt for standard users to Automatically deny elevation requests. |
| User Account Control- Detect application installations and prompt for elevation status | |
Setting is not configured at all or not configured correctly. User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting requires Windows to respond to application installation requests by prompting for credentials. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> User Account Control: Detect application installations and prompt for elevation to Enabled. |
| User Account Control- Only elevate UIAccess applications that are installed in secure locations status | |
Setting is not configured at all or not configured correctly. User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting configures Windows to only allow applications installed in a secure location on the file system, such as the Program Files or the WindowsSystem32 folders, to run with elevated privileges. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> User Account Control: Only elevate UIAccess applications that are installed in secure locations to Enabled. |
| User Account Control- Run all administrators in Admin Approval Mode status | |
Setting is not configured at all or not configured correctly. User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting enables UAC. Satisfies: SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00156 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> User Account Control: Run all administrators in Admin Approval Mode to Enabled. |
| User Account Control- Virtualize file and registry write failures to per-user locations status | |
Setting is not configured at all or not configured correctly. User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting configures non-UAC-compliant applications to run in virtualized file and registry entries in per-user locations, allowing them to run. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> User Account Control: Virtualize file and registry write failures to per-user locations to Enabled. |
| Audit Credential Validation status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Credential Validation records events related to validation tests on credentials for a user account logon. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Logon >> Audit Credential Validation with Success selected. |
| Audit Computer Account Management status | |
||
| Audit Other Account Management Events status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Other Account Management Events records events such as the access of a password hash or the Password Policy Checking API being called. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206, SRG-OS-000466-GPOS-00210 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Management >> Audit Other Account Management Events with Success selected. |
| Audit Security Group Management status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Security Group Management records events such as creating, deleting, or changing security groups, including changes in group members. Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000476-GPOS-00221 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Management >> Audit Security Group Management with Success selected. |
| Audit User Account Management status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. User Account Management records events such as creating, changing, deleting, renaming, disabling, or enabling user accounts. Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000476-GPOS-00221 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Management >> Audit User Account Management with Success selected. |
| Audit PNP Activity status | |
||
| Audit Process Creation status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Process Creation records events related to the creation of a process and the source. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000471-GPOS-00215 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Detailed Tracking >> Audit Process Creation with Success selected. |
| Audit Directory Service Access status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Audit Directory Service Access records events related to users accessing an Active Directory object. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207, SRG-OS-000468-GPOS-00212 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> DS Access >> Directory Service Access with Success selected. |
| Audit Directory Service Changes status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Audit Directory Service Changes records events related to changes made to objects in Active Directory Domain Services. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207, SRG-OS-000468-GPOS-00212 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> DS Access >> Directory Service Changes with Success selected. |
| Audit Account Lockout status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Account Lockout events can be used to identify potentially malicious logon attempts. Satisfies: SRG-OS-000240-GPOS-00090, SRG-OS-000470-GPOS-00214 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Account Lockout with Success selected. |
| Audit Group Membership status | |
||
| Audit Logon status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Logon records user logons. If this is an interactive logon, it is recorded on the local system. If it is to a network share, it is recorded on the system accessed. Satisfies: SRG-OS-000032-GPOS-00013, SRG-OS-000470-GPOS-00214, SRG-OS-000472-GPOS-00217, SRG-OS-000473-GPOS-00218, SRG-OS-000475-GPOS-00220 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Logon with Success selected. |
| Audit Other Logon/Logoff Events status | |
||
| Audit Special Logon status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Special Logon records special logons that have administrative privileges and can be used to elevate processes. Satisfies: SRG-OS-000470-GPOS-00214, SRG-OS-000472-GPOS-00217, SRG-OS-000473-GPOS-00218, SRG-OS-000475-GPOS-00220 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Special Logon with Success selected. |
| Audit Detailed File Share status | |
||
| Audit File Share status | |
||
| Audit Other Object Access Events status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Auditing for other object access records events related to the management of task scheduler jobs and COM+ objects. | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit Other Object Access Events with Success selected. |
| Audit Removable Storage status | |
||
| Audit Audit Policy Change status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Audit Policy Change records events related to changes in audit policy. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207, SRG-OS-000468-GPOS-00212 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Policy Change >> Audit Audit Policy Change with Success selected. |
| Audit Authentication Policy Change status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Authentication Policy Change records events related to changes in authentication policy, including Kerberos policy and Trust changes. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206, SRG-OS-000466-GPOS-00210 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Policy Change >> Audit Authentication Policy Change with Success selected. |
| Audit MPSSVC Rule-Level Policy Change status | |
||
| Audit Other Policy Change Events status | |
||
| Audit Sensitive Privilege Use status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Sensitive Privilege Use records events related to use of sensitive privileges, such as Act as part of the operating system or Debug programs. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000064-GPOS-00033, SRG-OS-000462-GPOS-00206, SRG-OS-000466-GPOS-00210 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Privilege Use >> Audit Sensitive Privilege Use with Success selected. |
| Audit Other System Events status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Audit Other System Events records information related to cryptographic key operations and the Windows Firewall service. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207, SRG-OS-000468-GPOS-00212 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> System >> Audit Other System Events with Success selected. |
| Audit Security State Change status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Security State Change records events related to changes in the security state, such as startup and shutdown of the system. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207, SRG-OS-000468-GPOS-00212 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> System >> Audit Security State Change with Success selected. |
| Audit Security System Extension status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Security System Extension records events related to extension code being loaded by the security subsystem. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207, SRG-OS-000468-GPOS-00212 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> System >> Audit Security System Extension with Success selected. |
| Audit System Integrity status | |
Setting is not configured at all or not configured correctly. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. System Integrity records events related to violations of integrity to the security subsystem. Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000471-GPOS-00215, SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222 | Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> System >> Audit System Integrity with Success selected. |
| Domain member- Digitally encrypt or sign secure channel data (always) status | |
Setting is configured or test is passed. | |
| Microsoft network server- Digitally sign communications (always) status | |
Setting is configured or test is passed. | |
| Network security- Do not store LAN Manager hash value on next password change status | |
Setting is configured or test is passed. |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Missing DNS Scavenging DCs | |
"Total DNS Servers Not Enabled with Server Level Scavenging:1" | 1 | IOE |
| Missing Domain Zones Scavenging | |
"Total Domain Zones Not Enabled with Scavenging:1" | 1 | IOC |
| Default Domain Policy-Minimum Password Length | |
"Account Policies Not Configured correctly in Total Domains:1" | 1 | IOE |
| FGPP Policies-Minimum Password Length | |
"FGPP Not Configured Correctly In Domains:Not Created" | Not Created | IOE |
| FGPP Policies Not Applying | |
"Total FGPP Not Applying in All Domains:Not Created" | Not Created | IOE |
| Errors and Warnings in Log DCs | |
"Total DCs with Event Log Errors:1" | 1 | IOE |
| Sites without Subnets Association | |
"Total AD Sites Without Subnets:1" | 1 | |
| PDC Emulator Time Source | |
"Root PDC Time Source:Internal Source" | Internal Source | |
| Disabled GPOs | |
"Total Disabled GPOs:0" | 23 | |
| GPOs not Linked to OUs | |
"Total OUs without GPO Linked:0" | 23 | IOE |
| GPOs not Applying | |
"Total GPOs not applying correctly in All Domains:0" | 34 | |
| Orphaned GPO Containers | |
"Total Orphaned Group Policy Objects:0" | 34 | |
| Found GPOs with Block Inheritance | |
"Total GPOs with Block Inheritance Defined:0" | 2 | |
| GPO Naming Convention | |
"Number Of GPOs do not follow Standard Naming Convention:0" | 32 | |
| Found GPO with WMI Filters | |
"Total GPO with WMI Filter:0" | 45 | |
| AD Recycle Bin Status | |
"AD Recycle Bin Status:Disabled" | Disabled | |
| Privileged Management Status | |
"Privileged Access Management Status:Disabled" | Disabled | |
| Managed Service Accounts Status | |
"Managed Service Accounts Status:Are not in use" | Are not in use | |
| Missing AD Sites Coverage | |
"Total AD Sites Not Covered:1" | 1 | |
| Sites Missing Bridgehead Server | |
"Number Of AD Sites Without Bridgehead Servers:1" | 1 | |
| AD Sites Redundancy | |
"Total AD Sites with Only One Domain Controller:1" | 1 | |
| Additional Roles and Features DCs | |
"Total Domain Controllers with Additional Roles and Features:1" | 1 | IOE |
| Replication Interval Not Optimized Sites | |
"Replication Interval is not optimized for Site Links:1" | 1 | |
| Security Groups without Objects | |
"Total Empty Security Groups In All Domains:32" | 32 | |
| Users without UPN specified | |
"Total Users with UPN Blank in all Domains:3" | 3 | |
| Missing Location Text in AD Sites | |
"Total AD Sites Not Defined With Location:1" | 1 | |
| GPO Description | |
"Number of GPOs not set with Description:2" | 23 | |
| Unsecure Updates Zones | |
"Total DNS Zones accepting non-secure updates:0" | 0 | IOE IOC |
| Unsupported Operating Systems | |
"Total End Of Life-Unsupported Operating Systems:0" | 0 | IOE |
| Domain Controllers not owned by Admins | |
"Total Domain Controllers owned by non-privileged accounts:0" | 0 | IOC |
| Missing DNS Forwarders DCs | |
"Total DNS Servers Do Not Have Forwarders Configured:0" | 0 | IOE |
| Missing Root Hints DCs | |
"Total DNS Servers Do Not Have Root Hints Configured:0" | 0 | IOE |
| NTFS Replication DCs | |
"Total Domain Controllers utilizing NTFRS for AD Replication:0" | 0 | IOE |
| Strict Replication Disabled DCs | |
"Total DCs with Strict Replication Consistency not enabled:0" | 0 | IOE IOC |
| Out Of Default OUs DCs | |
"Total DCs outside of it's Default OU:0" | 0 | |
| Unsupported OS DCs | |
"Total DCs running Unsupported Operating Systems:0" | 0 | IOE |
| Event Log Config Not Correct DCs | |
"Total DCs with Event Log misconfiguration:0" | 0 | |
| Event Log Size Not Optimized DCs | |
"Total DCs with Event Log Size not optimal:0" | 0 | |
| ADWS Service Set to Manual DCs | |
"Total DCs ADWS Not Set to Start Automatic:0" | 0 | IOE |
| DHCP Service Running DCs | |
"Total Domain Controllers with DHCP Server running:0" | 0 | IOE |
| Total Undefined Subnets | |
"Total Undefined Subnets in AD Forest:0" | 0 | |
| Sites without ISTG Role | |
"Total AD Sites Do Not Have ISTG Defined:0" | 0 | |
| Manual Replication Connection Objects | |
"Total Manual Replication Connection Objects:0" | 0 | |
| Missing Global Catalog Sites | |
"Total AD Sites Without Global Catalog Servers or No Universal Group Caching Enabled:0" | 0 | |
| Duplicate Site Links | |
"Total Duplicate Site Links:0" | 0 | |
| Sites With Manual Bridgehead Server | |
"Number Of AD Sites With Manual Bridgehead Servers:0" | 0 | |
| Sites creating Mesh Topology | |
"Total AD Site Links Containing More than Two AD Sites:0" | 0 | |
| AD Sites without Site Link | |
"Total AD Sites Not In Site Links:0" | 0 | |
| AD Sites without Domain Controller | |
"Total AD Sites Without Domain Controllers:0" | 0 | |
| Domain Controllers Time Source | |
"Total DCs Not Defined With Correct Time-Source:0" | 0 | |
| Domain FSMO Placement | |
"AD FSMO Placement Status:FSMO Placement is correct." | FSMO Placement is correct. | |
| Domain Naming Master and Schema Master Placement | |
"Status:Hosted on same computer" | Hosted on same computer | |
| Managed Service Accounts Not Linked | |
"Total Managed Service Accounts are not Linked:0" | 0 | IOE |
| TombstoneLifeTime Modified? | |
"Current TombstoneLifeTime Value:180" | 180 | |
| Check AD Forest Functional Level | |
"AD Forest Functional Level:Dynamicpacks.net is Windows2016Forest" | Dynamicpacks.net is Windows2016Forest | |
| Check AD Domain Functional Level | |
"Status:Ok" | Ok | |
| Ogranizational Units without Objects | |
"Total Empty Organizational Units In All Domains:0" | 0 | |
| Too many DNS Static Records | |
"Total Static Records:0" | 0 | IOC |
| DNS Round-Robin Not Enabled | |
"Total DNS Servers Not Enabled With Round Robin:0" | 0 |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Domain GPO Application Status | |
"Total GPOs Not Applied:0" | 23 | |
| Missing SSL Authentication DCs | |
"Total DCs without SSL:1" | 1 | IOE |
| Missing Enough DNS Servers in NIC DCs | |
"Total DCs With inadequate Number Of DNS Servers in NIC Property:1" | 1 | |
| Not Enough Local Disks DCs | |
"Total DCs Not Configured With Recommended Disk Configuration:1" | 1 | |
| Replication Errors DCs | |
"Total DCS in Replication Errors:0" | 0 | IOE |
| Missed Reboot Cycles DCs | |
"Total DCs Not Rebooted Since Last 30 Days:0" | 0 | IOE |
| Orphaned DCs | |
"Total Orphaned Domain Controllers:0" | 0 | IOE |
| Missing Host Records DCs | |
"Total DCs Missing Host Records in DNS:0" | 0 | IOE |
| Not Enough Free Space DCs | |
"Total DCs with Low Disk Space:0" | 0 | IOE |
| Loopback Address Missing DCs | |
"Total DCs not configured with Loopback Address:0" | 0 | IOE |
| Multihomed DCs | |
"Total DCS in Multihomed State:0" | 0 | IOE |
| DCDiag Failure DCs | |
"Total DCs with DCDiag Failures:0" | 0 | |
| Missing DNS Dynmaic Registration on NIC DCs | |
"Total DCS NIC Dynamic Updates Not Enabled:0" | 0 | |
| Missing _msdcs Zone DCs | |
"Total DNS Servers Missing _msdcs Zone:0" | 0 | |
| AD Services not running DCs | |
"Total DCs with Services Not Running:0" | 0 | IOE |
| Conditional Forwarders Not Working | |
"Total Conditional Forwarders Configured:0" | 0 |
| Test | Severity | Items | Affected Objects | ANSSI ID | IOC/IOE |
| AdminSDHolder was Modified in last 30 days | |
"AdminSDHolder Object was modified in total domains:1" | 1 | vuln1_permissions_adminsdholder | IOC |
| Weak Password Policies Affected Admins | |
"Total Privileged Account using Weak Password Policy:2" | 23 | vuln2_privileged_members_password | IOE IOC |
| Protected Users Group Status | |
"Total Domains Not Using Protected Users Group:1" | 1 | vuln3_protected_users | |
| Denied RODC Password Replication Group missing Privileged Accounts | |
"Total Missing Privileged Groups in Denied RODC Password Replication Group:8" | 8 | vuln3_rodc_denied_group | IOE |
| User Accounts Pass Never Expires | |
"Total Users with Password Never Expires in all Domains:1" | 1 | vuln2_dont_expire | IOC |
| Missing Privileged Groups in Protected Users Group | |
"Total Missing Privileged Groups in Protected Users Group:Not In Use" | Not In Use | vuln3_protected_users | IOE IOC |
| Privileged Accounts Pass Never Expires | |
"Total Privileged Accounts set to Password Never Expire in all Domains:0" | 34 | vuln2_dont_expire | IOE IOC |
| Too Many Privileged Accounts | |
"Affected AD Domains:0" | 20 | vuln_privileged_members | IOC |
| Inactive Admins | |
"Total Enabled Admin Accounts Not In Use Since Last 30 Days:0" | 19 | vuln1_user_accounts_dormant | IOE |
| Privileged Groups Contain more than 20 members | |
"Privileged Groups Contain More than 20 members:0" | 18 | vuln1_privileged_members | IOE |
| Kerberos Pre-authentication Disabled | |
"Total Pre-Authentication Admins in all domains:0" | 55 | vuln1_kerberos_properties_preauth_priv | IOE IOC |
| Password Do Not Expire | |
"Total Admin Accounts set to PasswordNeverExpires:1" | 12 | vuln1_dont_expire_priv | IOE |
| Default Domain Policy-Minimum Password Length | |
"Account Policies Not Configured correctly in Total Domains:1" | 1 | vuln2_privileged_members_password | IOE |
| FGPP Policies-Minimum Password Length | |
"FGPP Not Configured Correctly In Domains:Not Created" | Not Created | vuln2_privileged_members_password | IOE |
| Dangerous Permissions Found on MicrosoftDNS Container | |
"AD Domains Affected:0" | 23 | vuln_permissions_msdns | IOE IOC |
| Dangerous Permissions Found on Naming Contexts | |
"AD Domains Affected:0" | 23 | vuln_permissions_naming_context | IOE IOC |
| Pre-Windows 2000 Compatible Access Group is not empty | |
"Number of AD Domains Affected:0" | 23 | vuln_compatible_2000_anonymous | IOE IOC |
| Found Groups with SID history Set | |
"Total Groups With sIDHistory Affected domains:0" | 23 | vuln_sidhistory_present | IOE IOC |
| Orphaned Admins on AdminSDHolder | |
"Total Possible Orphaned Admins in all Domains on AdminSDHolder object:0" | 0 | vuln1_permissions_adminsdholder | IOC |
| Dangerous Permissions on AdminSDHolder | |
"AD Domains Affected:0" | 0 | vuln1_privileged_members_perm vuln2_privileged_members_perm | IOC |
| Constrained delegation to domain controller service | |
"Total Computers with Constrained Delegation in all Domains:0" | 0 | vuln1_delegation_a2d2 | IOC |
| Resource-based constrained delegation on domain controllers | |
"Total Computers with Resource-Based Delegation in all Domains:0" | 0 | vuln1_delegation_sourcedeleg | IOC |
| Anonymous Access to Active Directory | |
"Anonymous Access To Active Directory:0" | 0 | vuln1_dsheuristics_bad | IOE |
| Anonymous or EVERYONE in Pre-Windows 2000 Group | |
"Number of Domains Affected:0" | 0 | vuln2_compatible_2000_anonymous | IOE IOC |
| Allowed RODC Password Replication Group is not empty | |
"Total Members in RODC Replication Group:0" | 0 | vuln3_rodc_allowed_group | IOE |
| Managed service accounts with passwords unchanged for more than 90 days | |
"Total Managed Service Accounts Password Unchanged Since last 90 days:0" | 0 | vuln_password_change_msa_no_change_90 | IOE |
| msDS-NeverRevealGroupattribute RODC missing Privileged Accounts | |
"Total Privileged Groups Not in PRP Denied List:0" | 0 | vuln3_rodc_never_reveal | IOE |
| Unsecure Updates Zones | |
"Total DNS Zones accepting non-secure updates:0" | 0 | vuln1_dnszone_bad_prop vuln3_dnszone_bad_prop | IOE IOC |
| Users with LastPasswordSet was never Set | |
"Total Users with LastPasswordSet was never set in all Domains:0" | 20 | vuln2_dont_expire | IOE |
| Users with PWDLastSet to ZERO | |
"Total Users with PWDLastSet to ZERO in all Domains:0" | 23 | vuln1_user_accounts_dormant | IOE |
| Users with SPNs Configured | |
"Total Users with SPN defined in all Domains:0" | 23 | vuln1_spn_priv | IOE |
| Password Expiration is missing for smart card users | |
"AD Domains Affected:0" | 4 | vuln_smartcard_expire_passwords | IOE |
| Users With DES encryption | |
"Total Users with DES Encryption in all Domains:0" | 23 | vuln2_kerberos_properties_deskey | IOE |
| Users With Reversible Encryption | |
"Total Users with Reversible Encryption set in all Domains:0" | 23 | vuln3_reversible_password | IOE |
| Users With Kerberos Pre-Authentication | |
"Total Pre-Authentication Users in all domains:0" | 23 | vuln1_kerberos_properties_preauth_priv vuln2_kerberos_properties_preauth | IOE |
| Users Modified with PrimaryGroupID | |
"Total Users with PrimaryGroupID Modified in all Domains:0" | 23 | vuln3_primary_group_id_nochange vuln1_primary_group_id_1000 | IOC |
| Users Disabled | |
"Total Disabled Users in all Domains:0" | 234 | vuln_user_accounts_dormant | IOC |
| Stale User Accounts | |
"Total Stale User Accounts in all Domains:0" | 400 | vuln1_user_accounts_dormant | IOC |
| User Accounts Pass Not Required | |
"Total Users with Password Not Required set in all Domains:0" | 0 | vuln2_dont_expire | IOC |
| Computers with SPNs Configured | |
"Total Computers using ServicePrincipalNames in all Domains:0" | 0 | vuln1_spn_priv | IOE |
| Computers With Unconstrained Delegation | |
"Total Computers with Unconstrained Delegation in all Domains:0" | 0 | vuln2_delegation_t4d | IOE |
| Computers Modified with PrimaryGroupID | |
"Total Computers modified with PrimaryGroupID:0" | 0 | vuln3_primary_group_id_nochange vuln1_primary_group_id_1000 | IOC |
| Computers Disabled | |
"Total Disabled Computer Accounts in all Domains:0" | 140 | vuln_user_accounts_dormant | IOC |
| Stale Computer Accounts | |
"Total Stale Computer Accounts in all Domains:0" | 200 | vuln1_user_accounts_dormant | IOC |
| Admins with SPNs Configured | |
"Total Admin Accounts With ServicePrincipalName Identified:0" | 0 | vuln1_spn_priv | IOE |
| Domain Controllers not owned by Admins | |
"Total Domain Controllers owned by non-privileged accounts:0" | 0 | vuln1_permissions_dc | IOC |
| Computer Objects not managed by Admins | |
"Total Computers Not Managed By Admins in all Domains:0" | 0 | vuln3_owner | IOC |
| Organizational Units not managed by Admins | |
"Total Organizational Units Not Managed By Admins:0" | 0 | vuln3_owner | IOC |
| KRBTGT Account Password Not Changed | |
"Total Domains Using KRBTGT Old Password:0" | 0 | vuln2_krbtgt | IOE |
| Passwords Not Changed within 90 days | |
"Total Admin Accounts Did Not Change Their Passwords Since Last 90 Days:0" | 23 | vuln1_password_change_priv | IOE |
| DNSAdmins Group has members | |
"Total Members In DNSAdmins Group In All Domains:0" | 45 | vuln1_dnsadmins and vuln1_permissions_msdn | IOE IOC |
| Domain Controllers Modified with PrimaryGroupID | |
"Total Domain Controllers modified with PrimaryGroupID:0" | 0 | vuln3_primary_group_id_nochange vuln1_primary_group_id_1000 | IOC |
| Inconsistent DCs | |
"Total Domain Controllers in Inconsistent State:0" | 0 | vuln1_dc_inconsistent_uac | IOE |
| Unauthenticated DCs since last 45 Days | |
"Total Domain Controllers Not Authenticated Within 45 days In All Domains:0" | 0 | vuln1_password_change_inactive_dc | IOE |
| Secrets not renewed DCs | |
"Total Domain Controllers Not Changed Password Within 45 Days In All Domains:0" | 0 | vuln1_password_change_dc_no_change | IOE |
| Orphaned DCs | |
"Total Orphaned Domain Controllers:0" | 0 | vuln1_dc_inconsistent_uac | IOE |
| NTFS Replication DCs | |
"Total Domain Controllers utilizing NTFRS for AD Replication:0" | 0 | vuln2_sysvol_ntfrs | IOE |
| Duplicate SPNs | |
"Total Duplicate SPNs in AD Domains:0" | 0 | vuln1_delegation_sourcedeleg | |
| Unauthenticated Servers | |
"Total Servers Not Authenticated Within 90 Days in All Domains:0" | 0 | vuln2_password_change_server_no_change_90 | IOE IOC |
| Secrets not renewed Servers | |
"Total Servers Not Changing Password within 45 days in all Domains:0" | 0 | vuln3_password_change_server_no_change_45 | IOE IOC |
| AD Forest Schema Not upto date | |
"Current Forest Schema Version Status:OK:88" | OK:88 | vuln2_adupdate_bad | IOE |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Protected Users Group Status | |
Total Domains Not Using Protected Users Group:1 | 1 | |
| Missing Microsoft LAPS in AD Forest | |
Microsoft LAPS Status:Not Deployed | Not Deployed | |
| AD Recycle Bin Status | |
AD Recycle Bin Status:Disabled | Disabled | |
| Privileged Management Status | |
Privileged Access Management Status:Disabled | Disabled | |
| Managed Service Accounts Status | |
Managed Service Accounts Status:Are not in use | Are not in use | |
| gMSA Accounts Status | |
Total Domains With gMSA Accounts:0 | 0 |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| AdminSDHolder was Modified in last 30 days | |
AdminSDHolder Object was modified in total domains:1 | 1 | IOC |
| Objects Modified in Last 10 Days | |
Total Objects Modified in AD Domains in last 10 days:241 | 241 | IOE IOC |
| Objects Created in Last 10 Days | |
Total Objects Created in AD Domains in last 10 days:241 | 241 | IOE IOC |
| Anyone can Join Computers to Domain | |
Total Domains Allowing Normal Users to Join Computers to domain:1 | 1 | IOE |
| Denied RODC Password Replication Group missing Privileged Accounts | |
Total Missing Privileged Groups in Denied RODC Password Replication Group:8 | 8 | IOE |
| Schema Admin Group members | |
Schema Admins Group contains members:1 | 1 | IOE |
| Missing Domain Zones Scavenging | |
Total Domain Zones Not Enabled with Scavenging:1 | 1 | IOC |
| Orphaned Admins on AdminSDHolder | |
Total Possible Orphaned Admins in all Domains on AdminSDHolder object:0 | 0 | IOC |
| Dangerous Permissions on AdminSDHolder | |
AD Domains Affected:0 | 0 | IOC |
| Constrained delegation to domain controller service | |
Total Computers with Constrained Delegation in all Domains:0 | 0 | IOC |
| Resource-based constrained delegation on domain controllers | |
Total Computers with Resource-Based Delegation in all Domains:0 | 0 | IOC |
| Anonymous Access to Active Directory | |
Anonymous Access To Active Directory:0 | 0 | IOE |
| Anonymous or EVERYONE in Pre-Windows 2000 Group | |
Number of Domains Affected:0 | 0 | IOE IOC |
| Found Hidden Domain Controllers | |
Total Hidden Domain Controllers:0 | 0 | IOE |
| Successful Exploit Machine Accounts Found | |
Total Exploit Machine Accounts:0 | 0 | IOE |
| Possible User-based Service Accounts found | |
Total Possible User-Based Service Accounts:0 | 0 | IOC |
| Domain Trusts Found | |
Domain Trusts Status:Not Found | Not Found | IOE IOC |
| Replication Errors DCs | |
Total DCS in Replication Errors:0 | 0 | IOE |
| Allowed RODC Password Replication Group is not empty | |
Total Members in RODC Replication Group:0 | 0 | IOE |
| Managed service accounts with passwords unchanged for more than 90 days | |
Total Managed Service Accounts Password Unchanged Since last 90 days:0 | 0 | IOE |
| msDS-NeverRevealGroupattribute RODC missing Privileged Accounts | |
Total Privileged Groups Not in PRP Denied List:0 | 0 | IOE |
| Unsecure Updates Zones | |
Total DNS Zones accepting non-secure updates:0 | 0 | IOE IOC |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| User Accounts Pass Never Expires | |
Total Users with Password Never Expires in all Domains:1 | 1 | IOC |
| Users with LastPasswordSet was never Set | |
Total Users with LastPasswordSet was never set in all Domains:0 | 20 | IOE |
| Users with PWDLastSet to ZERO | |
Total Users with PWDLastSet to ZERO in all Domains:0 | 23 | IOE |
| Users with SPNs Configured | |
Total Users with SPN defined in all Domains:0 | 23 | IOE |
| Password Expiration is missing for smart card users | |
AD Domains Affected:0 | 4 | IOE |
| Accounts vulnerable to Kerberoasting Found | |
Total Kerberoasting Accounts Found:0 | 23 | IOE |
| Users With DES encryption | |
Total Users with DES Encryption in all Domains:0 | 23 | IOE |
| Users With Reversible Encryption | |
Total Users with Reversible Encryption set in all Domains:0 | 23 | IOE |
| Users With Kerberos Pre-Authentication | |
Total Pre-Authentication Users in all domains:0 | 23 | IOE |
| Users Modified with PrimaryGroupID | |
Total Users with PrimaryGroupID Modified in all Domains:0 | 23 | IOC |
| Users Sending Bad Logons | |
Total Users sending Bad Logons in all Domains:0 | 23 | IOC |
| Users Disabled | |
Total Disabled Users in all Domains:0 | 234 | IOC |
| Stale User Accounts | |
Total Stale User Accounts in all Domains:0 | 400 | IOC |
| Users Expired | |
Total Expired Users in all Domains:0 | 200 | IOC |
| User Accounts Pass Not Required | |
Total Users with Password Not Required set in all Domains:0 | 0 | IOC |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Computers with SPNs Configured | |
Total Computers using ServicePrincipalNames in all Domains:0 | 0 | IOE |
| Computers With Unconstrained Delegation | |
Total Computers with Unconstrained Delegation in all Domains:0 | 0 | IOE |
| Computers Modified with PrimaryGroupID | |
Total Computers modified with PrimaryGroupID:0 | 0 | IOC |
| Computers Sending Bad Logons | |
Total Computers sending Bad Logon Attempts in all Domains:0 | 0 | IOC |
| Computers Disabled | |
Total Disabled Computer Accounts in all Domains:0 | 140 | IOC |
| Stale Computer Accounts | |
Total Stale Computer Accounts in all Domains:0 | 200 | IOC |
| Unsupported Operating Systems | |
Total End Of Life-Unsupported Operating Systems:0 | 0 | IOE |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Admins with SPNs Configured | |
Total Admin Accounts With ServicePrincipalName Identified:0 | 0 | IOE |
| Admins Sending Bad Logons | |
Total Privileged Users With Bad Logon Attempts:0 | 0 | IOC |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Domain Controllers not owned by Admins | |
Total Domain Controllers owned by non-privileged accounts:0 | 0 | IOC |
| Computer Objects not managed by Admins | |
Total Computers Not Managed By Admins in all Domains:0 | 0 | IOC |
| Organizational Units not managed by Admins | |
Total Organizational Units Not Managed By Admins:0 | 0 | IOC |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Sensitive GPOs Modified | |
Sensitive GPOs Status in Last 10 Days:WARNING: Modified | WARNING: Modified | IOC |
| Changes to Privileged Groups in Last 15 days | |
Total Privileged Groups Modified in Last 15 Days in All Domains:13 | 13 | IOC |
| Recently Created Privileged Admins | |
Total Privileged Accounts created in last 10 days in all domains:0 | 0 | IOC |
| Users Identified with Privileged SIDs in sIDHistory | |
Total Users containing Admin Accounts in sIDHistory in all Domains:0 | 0 | IOC |
| Computers Identified with Privileged SIDs in sIDHistory | |
Total Computers containing Admin Accounts in sIDHistory in all Domains:0 | 0 | IOC |
| Found Excluded Groups by AdminSDHolder and SDProp | |
Total Excluded Groups by SDProp Process:0 | 0 | IOC |
| krbtgt Account with Resource-Based Constrained Delegation | |
Affected number of Domains:0 | 0 | IOC |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Built-In Admin Account Not protected | |
Default Administrator Account not protected in all domains:1 | 1 | IOE IOC |
| Built-In Admin Account Not Disabled | |
Default Admin Account not disabled in Total Domains:1 | 1 | IOE IOC |
| Built-In Admin Account Not Renamed | |
Default Admin Account not renamed in Total Domains:1 | 1 | IOE |
| Built-In Admin Account was used in last 10 days | |
Total Domains in which Default Administrator account was used in last 10 days:1 | 1 | IOC |
| Guest Account is not renamed | |
Guest Account not renamed in Total Domains:1 | 1 | IOE |
| Built-In Admin Account Password Not Changed in 90 days | |
Total Domains in which Default Administrator password not changed since last 90 days:0 | 0 | IOE |
| KRBTGT Account Password Not Changed | |
Total Domains Using KRBTGT Old Password:0 | 0 | IOE |
| Guest Account is enabled | |
Total Guest Accounts Enabled in All Domains:0 | 0 | IOE |
| Administrator Account ServicePrincipalNames Found | |
Total AD Domains Affected:0 | 0 | IOE |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Misconfigured Administrative Accounts Found | |
Total Admins Misconfigured:2 | 2 | IOE IOC |
| Weak Password Policies Affected Admins | |
Total Privileged Account using Weak Password Policy:2 | 23 | IOE IOC |
| Missing Privileged Groups in Protected Users Group | |
Total Missing Privileged Groups in Protected Users Group:Not In Use | Not In Use | IOE IOC |
| Privileged Accounts Pass Never Expires | |
Total Privileged Accounts set to Password Never Expire in all Domains:0 | 34 | IOE IOC |
| Too Many Privileged Accounts | |
Affected AD Domains:0 | 20 | IOC |
| Inactive Admins | |
Total Enabled Admin Accounts Not In Use Since Last 30 Days:0 | 19 | IOE |
| Privileged Groups Contain more than 20 members | |
Privileged Groups Contain More than 20 members:0 | 18 | IOE |
| Kerberos Pre-authentication Disabled | |
Total Pre-Authentication Admins in all domains:0 | 55 | IOE IOC |
| Privileged Groups Contained Computer Accounts | |
Total computer accounts part of privileged groups:0 | 90 | IOE IOC |
| Privileged Admins missing AdminCount=1 Flag | |
Total Admins not set with AdminCount=1 flag in all domains:0 | 87 | IOC |
| ForeignSecurityPrincipals In Privileged Groups | |
Total ForeignSecurityPrincipal in Privileged Groups:0 | 64 | IOE IOC |
| Operators Groups are not empty | |
Operators Groups containing total members in all domains:0 | 10 | IOE IOC |
| Password Do Not Expire | |
Total Admin Accounts set to PasswordNeverExpires:1 | 12 | IOE |
| Disabled Admins part of Privileged Groups | |
Total Disabled Admins In Privileged Groups:0 | 23 | IOE |
| Passwords Not Changed within 90 days | |
Total Admin Accounts Did Not Change Their Passwords Since Last 90 Days:0 | 23 | IOE |
| DNSAdmins Group has members | |
Total Members In DNSAdmins Group In All Domains:0 | 45 | IOE IOC |
| AdminsCount Flag set users not acting as Admins | |
Total Unknown Admins Found:0 | 232 | IOC |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Default Domain Policy-Minimum Password Length | |
Account Policies Not Configured correctly in Total Domains:1 | 1 | IOE |
| FGPP Policies-Minimum Password Length | |
FGPP Not Configured Correctly In Domains:Not Created | Not Created | IOE |
| FGPP Policies Not Applying | |
Total FGPP Not Applying in All Domains:Not Created | Not Created | IOE |
| Account Lockout Policies Missing | |
Total Accounts Locked Out in All Domains:0 | 0 | IOE |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| TLS 1.1 Enabled DCs | |
Total Domain Controllers with TLS 1.1 Protocol Enabled:1 | 1 | IOE |
| NTLM Authentication Enabled DCs | |
Total Domain Controllers with NTLM Enabled:1 | 1 | IOE |
| AllowNT4Crypto DCs | |
Total DCs with AllowNT4Crypto Enabled:1 | 1 | IOE |
| RC4 Encryption Enabled DCs | |
Total Domain Controllers With RC4 Encryption Enabled:1 | 1 | IOE |
| Missing Updates DCs | |
Total DCs Not Updated Since Last 45 Days:1 | 1 | IOE |
| Domain Controllers Modified with PrimaryGroupID | |
Total Domain Controllers modified with PrimaryGroupID:0 | 0 | IOC |
| SMB 1 Protocol Enabled DCs | |
Total Domain Controllers with SMB1 Server Protocol Enabled:0 | 0 | IOE |
| SMB 1 Client Protocol Enabled DCs | |
Total Domain Controllers with SMB1 Client Service Enabled:0 | 0 | IOE |
| LAN Manager password hashes Enabled DCs | |
Total DCs with LAN Manager Password Hashes:0 | 0 | IOE |
| SMB Signing Disabled DCs | |
Total Domains Controller Without SMB Signing:0 | 0 | IOE |
| LDAP Signing Disabled DCs | |
Total Domain Controllers Without LDAP Signing:0 | 0 | IOE |
| Inconsistent DCs | |
Total Domain Controllers in Inconsistent State:0 | 0 | IOE |
| Unauthenticated DCs since last 45 Days | |
Total Domain Controllers Not Authenticated Within 45 days In All Domains:0 | 0 | IOE |
| Secrets not renewed DCs | |
Total Domain Controllers Not Changed Password Within 45 Days In All Domains:0 | 0 | IOE |
| Missed Reboot Cycles DCs | |
Total DCs Not Rebooted Since Last 30 Days:0 | 0 | IOE |
| No Contacts with Domain Controllers in Last Three Months | |
Total Domain Controllers not contacted since last three months:0 | 0 | IOE |
| Ensure UNC Paths for SYSVOL and NETLOGON are harderend | |
SYSVOL and Netlogon Hardening Missing on Total DCs:0 | 0 | IOE |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Missing DNS Scavenging DCs | |
Total DNS Servers Not Enabled with Server Level Scavenging:1 | 1 | IOE |
| Errors and Warnings in Log DCs | |
Total DCs with Event Log Errors:1 | 1 | IOE |
| Scheduled Tasks found on Domain Controllers | |
Total Scheduled Tasks on DCs:3 | 3 | IOC |
| Missing SSL Authentication DCs | |
Total DCs without SSL:1 | 1 | IOE |
| Missing Enough DNS Servers in NIC DCs | |
Total DCs With inadequate Number Of DNS Servers in NIC Property:1 | 1 | |
| Not Enough Local Disks DCs | |
Total DCs Not Configured With Recommended Disk Configuration:1 | 1 | |
| Orphaned DCs | |
Total Orphaned Domain Controllers:0 | 0 | IOE |
| Missing DNS Forwarders DCs | |
Total DNS Servers Do Not Have Forwarders Configured:0 | 0 | IOE |
| Missing Root Hints DCs | |
Total DNS Servers Do Not Have Root Hints Configured:0 | 0 | IOE |
| Missing Host Records DCs | |
Total DCs Missing Host Records in DNS:0 | 0 | IOE |
| Not Enough Free Space DCs | |
Total DCs with Low Disk Space:0 | 0 | IOE |
| Loopback Address Missing DCs | |
Total DCs not configured with Loopback Address:0 | 0 | IOE |
| Multihomed DCs | |
Total DCS in Multihomed State:0 | 0 | IOE |
| NTFS Replication DCs | |
Total Domain Controllers utilizing NTFRS for AD Replication:0 | 0 | IOE |
| Strict Replication Disabled DCs | |
Total DCs with Strict Replication Consistency not enabled:0 | 0 | IOE IOC |
| DCDiag Failure DCs | |
Total DCs with DCDiag Failures:0 | 0 | |
| Out Of Default OUs DCs | |
Total DCs outside of it's Default OU:0 | 0 | |
| Unsupported OS DCs | |
Total DCs running Unsupported Operating Systems:0 | 0 | IOE |
| Missing DNS Dynmaic Registration on NIC DCs | |
Total DCS NIC Dynamic Updates Not Enabled:0 | 0 | |
| Missing _msdcs Zone DCs | |
Total DNS Servers Missing _msdcs Zone:0 | 0 | |
| Event Log Config Not Correct DCs | |
Total DCs with Event Log misconfiguration:0 | 0 | |
| Event Log Size Not Optimized DCs | |
Total DCs with Event Log Size not optimal:0 | 0 |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Print Spooler Service Running DCs | |
Total Domain Controllers with Print Spooler Service running:1 | 1 | IOE |
| Software Installed on Domain Controllers | |
Total Software Installed on DCs:6 | 6 | IOE |
| Additional Roles and Features DCs | |
Total Domain Controllers with Additional Roles and Features:1 | 1 | IOE |
| Fax Server role installed DCs | |
Total Domain Controllers have Fax Server Installed::0 | 0 | IOE |
| Microsoft FTP service installed DCs | |
Total Domain Controllers have FTP Server Installed::0 | 0 | IOE |
| Peer Name Resolution Protocol installed DCs | |
Total Domain Controllers have Peer Name Resolution Protocol Installed::0 | 0 | IOE |
| Simple TCP-IP Services installed DCs | |
Total Domain Controllers have Simple TCP/IP Services Installed::0 | 0 | IOE |
| Telnet Client installed DCs | |
Total Domain Controllers have Telnet Client Installed::0 | 0 | IOE |
| TFTP Client installed DCs | |
Total Domain Controllers have TFTP Client Installed::0 | 0 | IOE |
| Server Message Block (SMB) v1 protocol Installed DCs | |
Total Domain Controllers have SMB 1.0/CIFS File Sharing Support Installed::0 | 0 | IOE |
| Windows PowerShell 2.0 installed DCs | |
Total Domain Controllers have Windows PowerShell 2.0 Engine Installed::0 | 0 | IOE |
| ADWS Service Set to Manual DCs | |
Total DCs ADWS Not Set to Start Automatic:0 | 0 | IOE |
| DHCP Service Running DCs | |
Total Domain Controllers with DHCP Server running:0 | 0 | IOE |
| AD Services not running DCs | |
Total DCs with Services Not Running:0 | 0 | IOE |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Sites without Subnets Association | |
Total AD Sites Without Subnets:1 | 1 | |
| Missing AD Sites Coverage | |
Total AD Sites Not Covered:1 | 1 | |
| Sites Missing Bridgehead Server | |
Number Of AD Sites Without Bridgehead Servers:1 | 1 | |
| AD Sites Redundancy | |
Total AD Sites with Only One Domain Controller:1 | 1 | |
| Replication Interval Not Optimized Sites | |
Replication Interval is not optimized for Site Links:1 | 1 | |
| Total Undefined Subnets | |
Total Undefined Subnets in AD Forest:0 | 0 | |
| Sites without ISTG Role | |
Total AD Sites Do Not Have ISTG Defined:0 | 0 | |
| Manual Replication Connection Objects | |
Total Manual Replication Connection Objects:0 | 0 | |
| Missing Global Catalog Sites | |
Total AD Sites Without Global Catalog Servers or No Universal Group Caching Enabled:0 | 0 | |
| Duplicate Site Links | |
Total Duplicate Site Links:0 | 0 | |
| Sites With Manual Bridgehead Server | |
Number Of AD Sites With Manual Bridgehead Servers:0 | 0 | |
| Sites creating Mesh Topology | |
Total AD Site Links Containing More than Two AD Sites:0 | 0 | |
| AD Sites without Site Link | |
Total AD Sites Not In Site Links:0 | 0 | |
| AD Sites without Domain Controller | |
Total AD Sites Without Domain Controllers:0 | 0 |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| PDC Emulator Time Source | |
Root PDC Time Source:Internal Source | Internal Source | |
| Domain Controllers Time Source | |
Total DCs Not Defined With Correct Time-Source:0 | 0 | |
| Domain FSMO Placement | |
AD FSMO Placement Status:FSMO Placement is correct. | FSMO Placement is correct. | |
| Domain Naming Master and Schema Master Placement | |
Status:Hosted on same computer | Hosted on same computer |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Unprotected OUs | |
Total Ous not protected:1 | 1 | |
| Security Groups without Objects | |
Total Empty Security Groups In All Domains:32 | 32 | |
| Users without UPN specified | |
Total Users with UPN Blank in all Domains:3 | 3 | |
| Missing Location Text in AD Sites | |
Total AD Sites Not Defined With Location:1 | 1 | |
| Managed Service Accounts Not Linked | |
Total Managed Service Accounts are not Linked:0 | 0 | IOE |
| TombstoneLifeTime Modified? | |
Current TombstoneLifeTime Value:180 | 180 | |
| Check AD Forest Functional Level | |
AD Forest Functional Level:Dynamicpacks.net is Windows2016Forest | Dynamicpacks.net is Windows2016Forest | |
| Check AD Domain Functional Level | |
Status:Ok | Ok | |
| Ogranizational Units without Objects | |
Total Empty Organizational Units In All Domains:0 | 0 | |
| Duplicate SPNs | |
Total Duplicate SPNs in AD Domains:0 | 0 | |
| Unauthenticated Servers | |
Total Servers Not Authenticated Within 90 Days in All Domains:0 | 0 | IOE IOC |
| Secrets not renewed Servers | |
Total Servers Not Changing Password within 45 days in all Domains:0 | 0 | IOE IOC |
| AD Forest Schema Not upto date | |
Current Forest Schema Version Status:OK:88 | OK:88 | IOE |
| Found Unused Netlogon Scripts | |
Total Unused Scripts In All Domains:0 | 0 | IOE IOC |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Too many DNS Static Records | |
Total Static Records:0 | 0 | IOC |
| DNS Round-Robin Not Enabled | |
Total DNS Servers Not Enabled With Round Robin:0 | 0 | |
| Conditional Forwarders Not Working | |
Total Conditional Forwarders Configured:0 | 0 |
| Test | Severity | Items | Affected Objects | IOC/IOE |
| Accounts with Extended Rights to Read LAPS Passwords Found | |
Illegal Accounts Found to read LAPS in AD Domains:LAPS/Module Not Installed | LAPS/Module Not Installed | IOE IOC |
| High Value Targets Found | |
Total High Value Targets Found:2 | 2 | IOE IOC |
| Access Control Lists on Computers Found | |
Total Abusable ACLs on Computer Objects:0 | 23 | IOE IOC |
| Access Control Lists on Security Groups Found | |
Found Dangerous Group Permissions in AD Domains:0 | 23 | IOE IOC |
| Access Control Lists on Users Found | |
Found Dangerous User Permissions:0 | 23 | IOE IOC |
| Group Policy Objects with Improper Permissions Found | |
Abusable GPO Permissions found in Total AD Domains:0 | 23 | IOE IOC |
| Group Policy Object Assignments with Improper Permissions Found | |
Total Abusable GPO Permissions in AD Domains:0 | 23 | IOE IOC |
| Dangerous Permissions Found on MicrosoftDNS Container | |
AD Domains Affected:0 | 23 | IOE IOC |
| Dangerous Permissions Found on Naming Contexts | |
AD Domains Affected:0 | 23 | IOE IOC |
| Pre-Windows 2000 Compatible Access Group is not empty | |
Number of AD Domains Affected:0 | 23 | IOE IOC |
| Found Groups with SID history Set | |
Total Groups With sIDHistory Affected domains:0 | 23 | IOE IOC |
| Normal Users Full Control Permissions on OUs | |
Total Normal User Accounts with Full Control Rights to Organizational Units in all Domains:0 | 0 | IOE IOC |
| EVERYONE Full Control Permissions on OUs | |
Total Organizational Units with Everyone Full Control Access Rights:0 | 23 | IOE IOC |
| Abusable Permissions Found on SYSVOL and NETLOGON | |
Abusable Permissions Found on SYSVOL and Netlogon Shares:Ok | Ok | IOE IOC |
| LAPS SearchFlag modified | |
LAPS SearchFlags Modified:Modified | Modified | IOE IOC |
| Unauthorized Users having GPLink Rights on Domain NC | |
AD Domains Affected:0 | 23 | IOE IOC |
| Unauthorized Users having GPLink Rights on Domain Controllers OU | |
AD Domains Affected:0 | 23 | IOE IOC |
| Unauthorized Users having GPLink Rights on AD Sites | |
AD Sites Affected:0 | 23 | IOE IOC |
TEST NAME
Protected Users Group Status
Description
Protected Users Group is NOT in use. The Protected Users group was introduced in Server 2012-R2 Active Directory to minimize credential exposure for privileged accounts. Users in the Protected Users group are more secure when authenticating Windows resources. The differences include no longer caching clear-text passwords, even when Windows Digest is enabled, NTLM will no longer cache clear-text passwords, and Kerberos will no longer create DES or RC4 keys. When logging into domain controllers, members of the Protected Users group cannot authenticate via NTLM (Kerberos only), use DES or RC4 for Kerberos pre-authentication, and cannot be delegated with constrained or unconstrained delegation.
Recommendation and Steps
Ensure that all privileged users are members of the Protected Users group. If using a pre-2012-R2 schema, then the protected users group does not exist. This is an exposure, but the remediation is to upgrade the schema. Warning: use of the Protected Users group comes with significant functional impacts. Privileged users must be members of the Protected Users group.
Associated Objects Per Domain/AD Forest
| AD Domain | Protected Users Group In Use? |
| Dynamicpacks.net | Not In Use-No Admins Added |
Affected Objects
| AD Domain | Protected Users Group In Use? |
| Dynamicpacks.net | Not In Use-No Admins Added |
TEST NAME
AD Recycle Bin Status
Description
AD Recycle Bin feature is NOT Enabled. Please review and enable AD Recycle Bin feature in Active Directory. There are some Forest Functional Level requirements which must be met before it can be enabled.
Recommendation and Steps
Refer issue details.
Associated Objects Per Domain/AD Forest
| Final Status | Item | Value |
| Disabled | AD Recycle Bin Feature |
Affected Objects
TEST NAME
Privileged Management Status
Description
AD Privileged Access Management is NOT enabled. Refer issue details.
Recommendation and Steps
Please review and enable AD Privileged Access Management feature in Active Directory. There are some Forest Functional Level requirements which must be met before it can be enabled.
Associated Objects Per Domain/AD Forest
| Final Status | Item | Value |
| Disabled | Privileged Access Management Feature |
Affected Objects
TEST NAME
Managed Service Accounts Status
Description
Found Managed Service Accounts in Active Directory domains. Refer issue details.
Recommendation and Steps
Please review the list provided and remove the Managed Service Accounts that are not in use.
Associated Objects Per Domain/AD Forest
| AD Domain | Managed Service Account |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
gMSA Accounts Status
Description
gMSA is NOT in use. The group Managed Service Account (gMSA) feature in Windows Server 2016 allows automatic rotation of passwords for service accounts, making them much more difficult for attackers to compromise. The feature should be used whenever possible for service accounts.
Recommendation and Steps
Group Managed Service Accounts should be used to protect service accounts.
Associated Objects Per Domain/AD Forest
| AD Domain | Total gMSA Accounts |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Missing Microsoft LAPS in AD Forest
Description
Microsoft LAPS is not deployed in AD Forest. Microsoft LAPS helps in protecting against pass-the-hash and lateral-traversal attacks, improved security for remote help desk scenarios, Ability to sign in to and recover devices that are otherwise inaccessible, a fine-grained security model (access control lists and optional password encryption) for securing passwords that are stored in Windows Server Active Directory, and support for the Azure role-based access control model for securing passwords that are stored in Azure Active Directory.
Recommendation and Steps
It is recommended to implement Microsoft LAPS in AD Forest using the official Microsoft documentation available here: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview
Associated Objects Per Domain/AD Forest
| Microsoft LAPS Status |
| Not Deployed |
Affected Objects
TEST NAME
Orphaned Admins on AdminSDHolder
Description
No Orphaned Admins were found on the AdminSDHolder Object.
TEST NAME
Dangerous Permissions on AdminSDHolder
Description
No Full Control Permissions on AdminSDHolder Object.
TEST NAME
AdminSDHolder was Modified in last 30 days
Description
AdminSDHolder was modified in the last 30 days. Active Directory Domain Services uses AdminSDHolder, protected groups and Security Descriptor propagator (SD propagator or SDPROP for short) to secure privileged users and groups from unintentional modification. Unlike most objects in the Active Directory domain, which are owned by the Administrators group, AdminSDHolder is owned by the Domain Admins group. The AdminSDHolder object has a unique Access Control List (ACL), which is used to control the permissions of security principals that are members of built-in privileged Active Directory groups. Every hour, a background process runs on the domain controller to compare manual modifications to an ACL and overwrites them so that the ACL matches the ACL on the AdminSDHolder object. Any changes to AdminSDHolder object is a security risk.
Recommendation and Steps
Please review why AdminSDHolder was modified and if any user or computer accounts that were added to the security tab of the AdminSDHolder object.
Associated Objects Per Domain/AD Forest
| AD Domain | AdminSDHolder Object was modified in last 30 days? | Last Modification Date |
| Dynamicpacks.net | was modified | 12/30/2024 23:06:04 |
Affected Objects
| AD Domain | AdminSDHolder Object was modified in last 30 days? | Last Modification Date |
| Dynamicpacks.net | was modified | 12/30/2024 23:06:04 |
TEST NAME
Constrained delegation to domain controller service
Description
No computer accounts found with constrained delegation.
TEST NAME
Resource-based constrained delegation on domain controllers
Description
No Resource-based constrained delegation is configured on domain controllers.
TEST NAME
Anonymous Access to Active Directory
Description
Anonymous Access to Active Directory is disabled
TEST NAME
Anonymous or EVERYONE in Pre-Windows 2000 Group
Description
Everyone or Anonymous groups were not found in Pre-Windows 2000 compatibility group.
TEST NAME
Found Hidden Domain Controllers
Description
Test has passed.
TEST NAME
Successful Exploit Machine Accounts Found
Description
Test has passed.
TEST NAME
Possible User-based Service Accounts found
Description
Test has passed.
TEST NAME
Objects Modified in Last 10 Days
Description
Objects were created in last 10 days. As such there is no impact, but need to identify as to if there is any privileged account that was created in the last 10 days.
Recommendation and Steps
Please review the list of objects created.
Associated Objects Per Domain/AD Forest
| AD Domain | Number Of objects Modified in Last 10 Days |
| Dynamicpacks.net | 241 |
Affected Objects
| AD Domain | DistinguishedName | ObjectClass | WhenChanged |
| Dynamicpacks.net | CN=SYSVOL Subscription-CN=Domain System Volume-CN=DFSR-LocalSettings-CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | msDFSR-Subscription | 12/30/2024 10:56:37 PM |
| Dynamicpacks.net | CN=Domain System Volume-CN=DFSR-LocalSettings-CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | msDFSR-Subscriber | 12/30/2024 10:51:36 PM |
| Dynamicpacks.net | CN=DFSR-LocalSettings-CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | msDFSR-LocalSettings | 12/30/2024 10:56:37 PM |
| Dynamicpacks.net | CN=DC114-CN=Topology-CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-Member | 12/30/2024 10:51:36 PM |
| Dynamicpacks.net | CN=Topology-CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-Topology | 12/30/2024 10:51:36 PM |
| Dynamicpacks.net | CN=SYSVOL Share-CN=Content-CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-ContentSet | 12/30/2024 10:51:36 PM |
| Dynamicpacks.net | CN=Content-CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-Content | 12/30/2024 10:51:36 PM |
| Dynamicpacks.net | CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-ReplicationGroup | 12/30/2024 10:51:36 PM |
| Dynamicpacks.net | CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-GlobalSettings | 12/30/2024 10:51:36 PM |
| Dynamicpacks.net | DC=k.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=f.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=e.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=l.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=a.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=g.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=m.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=d.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=b.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=c.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=h.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=i.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=j.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=@-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsZone | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:51:34 PM |
| Dynamicpacks.net | CN=DnsUpdateProxy-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:51:33 PM |
| Dynamicpacks.net | CN=DnsAdmins-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:51:33 PM |
| Dynamicpacks.net | CN=RID Set-CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | rIDSet | 12/30/2024 10:51:04 PM |
| Dynamicpacks.net | CN=RID Manager$-CN=System-DC=Dynamicpacks-DC=net | rIDManager | 12/30/2024 10:51:04 PM |
| Dynamicpacks.net | CN=Enterprise Key Admins-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Key Admins-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Protected Users-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:48 PM |
| Dynamicpacks.net | CN=Cloneable Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:48 PM |
| Dynamicpacks.net | CN=Enterprise Read-only Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:48 PM |
| Dynamicpacks.net | CN=Read-only Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Denied RODC Password Replication Group-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:48 PM |
| Dynamicpacks.net | CN=Allowed RODC Password Replication Group-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:48 PM |
| Dynamicpacks.net | CN=6E157EDF-4E72-4052-A82A-EC3F91021A22-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=S-1-5-9-CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | foreignSecurityPrincipal | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Terminal Server License Servers-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Windows Authorization Access Group-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Incoming Forest Trust Builders-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Pre-Windows 2000 Compatible Access-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Account Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Server Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=RAS and IAS Servers-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Group Policy Creator Owners-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Domain Guests-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Domain Users-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Domain Admins-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Cert Publishers-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:46 PM |
| Dynamicpacks.net | CN=Enterprise Admins-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Schema Admins-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Domain Computers-CN=Users-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:46 PM |
| Dynamicpacks.net | CN=krbtgt-CN=Users-DC=Dynamicpacks-DC=net | user | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | computer | 12/30/2024 10:56:37 PM |
| Dynamicpacks.net | CN=Server-CN=System-DC=Dynamicpacks-DC=net | samServer | 12/30/2024 10:56:04 PM |
| Dynamicpacks.net | CN=Storage Replica Administrators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Remote Management Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Access Control Assistance Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Hyper-V Administrators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=RDS Management Servers-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=RDS Endpoint Servers-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=RDS Remote Access Servers-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Certificate Service DCOM Access-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Event Log Readers-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Cryptographic Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=S-1-5-17-CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | foreignSecurityPrincipal | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=IIS_IUSRS-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Distributed COM Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Performance Log Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Performance Monitor Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Network Configuration Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Remote Desktop Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Replicator-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Backup Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Print Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Guests-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=S-1-5-11-CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | foreignSecurityPrincipal | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=S-1-5-4-CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | foreignSecurityPrincipal | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 10:50:47 PM |
| Dynamicpacks.net | CN=Administrators-CN=Builtin-DC=Dynamicpacks-DC=net | group | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=Builtin-DC=Dynamicpacks-DC=net | builtinDomain | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Guest-CN=Users-DC=Dynamicpacks-DC=net | user | 12/30/2024 10:47:27 PM |
| Dynamicpacks.net | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net | user | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=TPM Devices-DC=Dynamicpacks-DC=net | msTPM-InformationObjectsContainer | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=PSPs-CN=System-DC=Dynamicpacks-DC=net | msImaging-PSPs | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=Password Settings Container-CN=System-DC=Dynamicpacks-DC=net | msDS-PasswordSettingsContainer | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=ActiveDirectoryUpdate-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=Windows2003Update-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=A0C238BA-9E30-4EE6-80A6-43F731E9A5CD-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=434bb40d-dbc9-4fe7-81d4-d57229f7b080-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=7F950403-0AB3-47F9-9730-5D7B0269F9BD-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=3a6b3fbf-3168-4312-a10d-dd5b3393952d-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=e6d5fd00-385d-4e65-b02d-9da3493ed850-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=E5F9E791-D96D-4FC9-93C9-D53E1DC439BA-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=C81FC9CC-0130-4FD1-B272-634D74818133-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=83C53DA7-427E-47A4-A07A-A324598B88F7-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ff4f9d27-7157-4cb0-80a9-5d6f2b14c8ff-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=f4728883-84dd-483c-9897-274f2ebcf11e-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=54afcfb9-637a-4251-9f47-4d50e7021211-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=c3c927a6-cc1d-47c0-966b-be8f9b63d991-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=82112ba0-7e4c-4a44-89d9-d46c9612bf91-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=d262aae8-41f7-48ed-9f35-56bbb677573d-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=5e1574f6-55df-493e-a671-aaeffca6a100-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=c88227bc-fcca-4b58-8d8a-cd3d64528a02-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=4c93ad42-178a-4275-8600-16811d28f3aa-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=b96ed344-545a-4172-aa0c-68118202f125-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=de10d491-909f-4fb0-9abb-4b7865c0fe80-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=9738c400-7795-4d6e-b19d-c16cd6486166-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=4aaabc3a-c416-4b9c-a6bb-4b453ab1c1f0-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=231fb90b-c92a-40c9-9379-bacfc313a3e3-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=f58300d1-b71a-4DB6-88a1-a8b9538beaca-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=aed72870-bf16-4788-8ac7-22299c8207f1-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=71482d49-8870-4cb3-a438-b6fc9ec35d70-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=2951353e-d102-4ea5-906c-54247eeec741-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=0b7fb422-3609-4587-8c2e-94b10f67d1bf-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ebad865a-d649-416f-9922-456b53bbb5b8-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=57428d75-bef7-43e1-938b-2e749f5a8d56-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=61b34cb0-55ee-4be9-b595-97810b92b017-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=a1789bfb-e0a2-4739-8cc0-e77d892d080a-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=dda1d01d-4bd7-4c49-a184-46f9241b560e-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=8ddf6913-1c7b-4c59-a5af-b9ca3b3d2c4c-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=13d15cf0-e6c8-11d6-9793-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=c4f17608-e611-11d6-9793-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=3e4f4182-ac5d-4378-b760-0eab2de593e2-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=3051c66f-b332-4a73-9a20-2d6a7d6e6a1c-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd568d-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd568c-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd568b-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd568a-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5689-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5688-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5687-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5686-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5685-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5684-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5683-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5682-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5681-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5680-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd567f-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd567e-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd567d-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd567c-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd567b-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd567a-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5679-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6bcd5678-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=3c784009-1f57-4e2a-9b04-6915c9e71961-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=8ca38317-13a4-4bd4-806f-ebed6acb5d0c-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=f7ed4553-d82b-49ef-a839-2f38a36bb069-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=7cfb016c-4f87-4406-8166-bd9df943947f-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=8437C3D8-7689-4200-BF38-79E4AC33DFA0-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=4dfbb973-8a62-4310-a90c-776e00f83222-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=7ffef925-405b-440a-8d58-35e8cd6e98c3-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=5c82b233-75fc-41b3-ac71-c69592e6bf15-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=293f0798-ea5c-4455-9f5d-45f33a30703b-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=51cba88b-99cf-4e16-bef2-c427b38d0767-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=446f24ea-cfd5-4c52-8346-96e170bcb912-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6ff880d6-11e7-4ed1-a20f-aac45da48650-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=9cac1f66-2167-47ad-a472-2a13251310e4-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=f607fd87-80cf-45e2-890b-6cf97ec0e284-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=98de1d3e-6611-443b-8b4e-f4337f1ded0b-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=10b3ad2a-6883-4fa7-90fc-6377cbdc1b26-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=6ada9ff7-c9df-45c1-908e-9fef2fab008a-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=d85c0bfd-094f-4cad-a2b5-82ac9268475d-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=a86fe12a-0f62-4e2a-b271-d27f601f8182-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=0e660ea3-8a5e-4495-9ad7-ca1bd4638f9e-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=860c36ed-5241-4c62-a18b-cf6ff9994173-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=7868d4c8-ac41-4e05-b401-776280e8e9f1-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=2416c60a-fe15-4d7a-a61e-dffd5df864d3-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=f3dd09dd-25e8-4f9c-85df-12d6d2f2f2f5-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=bab5f54d-06c8-48de-9b87-d78b796564e4-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ab402345-d3c3-455d-9ff7-40268a1099b6-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=WMIGPO-CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=PolicyType-CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=SOM-CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=PolicyTemplate-CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ComPartitionSets-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ComPartitions-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=AdminSDHolder-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 11:06:04 PM |
| Dynamicpacks.net | CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecISAKMPPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecISAKMPPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecFilter | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecFilter | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecISAKMPPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=Dfs-Configuration-CN=System-DC=Dynamicpacks-DC=net | dfsConfiguration | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=File Replication Service-CN=System-DC=Dynamicpacks-DC=net | nTFRSSettings | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=RAS and IAS Servers Access Check-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=Machine-CN={6AC1786C-016F-11D2-945F-00C04fB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=User-CN={6AC1786C-016F-11D2-945F-00C04fB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN={6AC1786C-016F-11D2-945F-00C04fB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | groupPolicyContainer | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=Machine-CN={31B2F340-016D-11D2-945F-00C04FB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=User-CN={31B2F340-016D-11D2-945F-00C04FB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN={31B2F340-016D-11D2-945F-00C04FB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | groupPolicyContainer | 12/30/2024 10:53:02 PM |
| Dynamicpacks.net | CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=Meetings-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=AppCategories-CN=Default Domain Policy-CN=System-DC=Dynamicpacks-DC=net | classStore | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=Default Domain Policy-CN=System-DC=Dynamicpacks-DC=net | domainPolicy | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=ObjectMoveTable-CN=FileLinks-CN=System-DC=Dynamicpacks-DC=net | linkTrackObjectMoveTable | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=VolumeTable-CN=FileLinks-CN=System-DC=Dynamicpacks-DC=net | linkTrackVolumeTable | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=FileLinks-CN=System-DC=Dynamicpacks-DC=net | fileLinkTracking | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=RpcServices-CN=System-DC=Dynamicpacks-DC=net | rpcContainer | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=WinsockServices-CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=Keys-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=Managed Service Accounts-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=NTDS Quotas-DC=Dynamicpacks-DC=net | msDS-QuotaContainer | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=Microsoft-CN=Program Data-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=Program Data-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=Infrastructure-DC=Dynamicpacks-DC=net | infrastructureUpdate | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=LostAndFound-DC=Dynamicpacks-DC=net | lostAndFound | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=System-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | OU=Domain Controllers-DC=Dynamicpacks-DC=net | organizationalUnit | 12/30/2024 10:47:22 PM |
| Dynamicpacks.net | CN=Computers-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | CN=Users-DC=Dynamicpacks-DC=net | container | 12/30/2024 10:47:21 PM |
| Dynamicpacks.net | DC=Dynamicpacks-DC=net | domainDNS | 12/30/2024 10:52:10 PM |
TEST NAME
Objects Created in Last 10 Days
Description
Objects were created in last 10 days. As such there is no impact, but need to identify as to if there is any privileged account that was created in the last 10 days.
Recommendation and Steps
Please review the list of objects created.
Associated Objects Per Domain/AD Forest
| AD Domain | Number Of objects Created in Last 10 Days |
| Dynamicpacks.net | 241 |
Affected Objects
| AD Domain | DistinguishedName | ObjectClass | WhenChanged |
| Dynamicpacks.net | CN=SYSVOL Subscription-CN=Domain System Volume-CN=DFSR-LocalSettings-CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | msDFSR-Subscription | |
| Dynamicpacks.net | CN=Domain System Volume-CN=DFSR-LocalSettings-CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | msDFSR-Subscriber | |
| Dynamicpacks.net | CN=DFSR-LocalSettings-CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | msDFSR-LocalSettings | |
| Dynamicpacks.net | CN=DC114-CN=Topology-CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-Member | |
| Dynamicpacks.net | CN=Topology-CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-Topology | |
| Dynamicpacks.net | CN=SYSVOL Share-CN=Content-CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-ContentSet | |
| Dynamicpacks.net | CN=Content-CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-Content | |
| Dynamicpacks.net | CN=Domain System Volume-CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-ReplicationGroup | |
| Dynamicpacks.net | CN=DFSR-GlobalSettings-CN=System-DC=Dynamicpacks-DC=net | msDFSR-GlobalSettings | |
| Dynamicpacks.net | DC=k.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=f.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=e.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=l.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=a.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=g.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=m.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=d.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=b.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=c.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=h.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=i.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=j.root-servers.net-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=@-DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsNode | |
| Dynamicpacks.net | DC=RootDNSServers-CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | dnsZone | |
| Dynamicpacks.net | CN=MicrosoftDNS-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=DnsUpdateProxy-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=DnsAdmins-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=RID Set-CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | rIDSet | |
| Dynamicpacks.net | CN=RID Manager$-CN=System-DC=Dynamicpacks-DC=net | rIDManager | |
| Dynamicpacks.net | CN=Enterprise Key Admins-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Key Admins-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Protected Users-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Cloneable Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Enterprise Read-only Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Read-only Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Denied RODC Password Replication Group-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Allowed RODC Password Replication Group-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=6E157EDF-4E72-4052-A82A-EC3F91021A22-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=S-1-5-9-CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | foreignSecurityPrincipal | |
| Dynamicpacks.net | CN=Terminal Server License Servers-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Windows Authorization Access Group-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Incoming Forest Trust Builders-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Pre-Windows 2000 Compatible Access-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Account Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Server Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=RAS and IAS Servers-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Group Policy Creator Owners-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Domain Guests-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Domain Users-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Domain Admins-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Cert Publishers-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Enterprise Admins-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Schema Admins-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Domain Computers-CN=Users-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=krbtgt-CN=Users-DC=Dynamicpacks-DC=net | user | |
| Dynamicpacks.net | CN=DC114-OU=Domain Controllers-DC=Dynamicpacks-DC=net | computer | |
| Dynamicpacks.net | CN=Server-CN=System-DC=Dynamicpacks-DC=net | samServer | |
| Dynamicpacks.net | CN=Storage Replica Administrators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Remote Management Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Access Control Assistance Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Hyper-V Administrators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=RDS Management Servers-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=RDS Endpoint Servers-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=RDS Remote Access Servers-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Certificate Service DCOM Access-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Event Log Readers-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Cryptographic Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=S-1-5-17-CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | foreignSecurityPrincipal | |
| Dynamicpacks.net | CN=IIS_IUSRS-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Distributed COM Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Performance Log Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Performance Monitor Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Network Configuration Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Remote Desktop Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Replicator-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Backup Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Print Operators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Guests-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=S-1-5-11-CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | foreignSecurityPrincipal | |
| Dynamicpacks.net | CN=S-1-5-4-CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | foreignSecurityPrincipal | |
| Dynamicpacks.net | CN=Users-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Administrators-CN=Builtin-DC=Dynamicpacks-DC=net | group | |
| Dynamicpacks.net | CN=Builtin-DC=Dynamicpacks-DC=net | builtinDomain | |
| Dynamicpacks.net | CN=Guest-CN=Users-DC=Dynamicpacks-DC=net | user | |
| Dynamicpacks.net | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net | user | |
| Dynamicpacks.net | CN=TPM Devices-DC=Dynamicpacks-DC=net | msTPM-InformationObjectsContainer | |
| Dynamicpacks.net | CN=PSPs-CN=System-DC=Dynamicpacks-DC=net | msImaging-PSPs | |
| Dynamicpacks.net | CN=Password Settings Container-CN=System-DC=Dynamicpacks-DC=net | msDS-PasswordSettingsContainer | |
| Dynamicpacks.net | CN=ActiveDirectoryUpdate-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Windows2003Update-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=A0C238BA-9E30-4EE6-80A6-43F731E9A5CD-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=434bb40d-dbc9-4fe7-81d4-d57229f7b080-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=7F950403-0AB3-47F9-9730-5D7B0269F9BD-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=3a6b3fbf-3168-4312-a10d-dd5b3393952d-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=e6d5fd00-385d-4e65-b02d-9da3493ed850-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=E5F9E791-D96D-4FC9-93C9-D53E1DC439BA-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=C81FC9CC-0130-4FD1-B272-634D74818133-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=83C53DA7-427E-47A4-A07A-A324598B88F7-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=ff4f9d27-7157-4cb0-80a9-5d6f2b14c8ff-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=f4728883-84dd-483c-9897-274f2ebcf11e-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=54afcfb9-637a-4251-9f47-4d50e7021211-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=c3c927a6-cc1d-47c0-966b-be8f9b63d991-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=82112ba0-7e4c-4a44-89d9-d46c9612bf91-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=d262aae8-41f7-48ed-9f35-56bbb677573d-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=5e1574f6-55df-493e-a671-aaeffca6a100-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=c88227bc-fcca-4b58-8d8a-cd3d64528a02-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=4c93ad42-178a-4275-8600-16811d28f3aa-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=b96ed344-545a-4172-aa0c-68118202f125-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=de10d491-909f-4fb0-9abb-4b7865c0fe80-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=9738c400-7795-4d6e-b19d-c16cd6486166-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=4aaabc3a-c416-4b9c-a6bb-4b453ab1c1f0-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=231fb90b-c92a-40c9-9379-bacfc313a3e3-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=f58300d1-b71a-4DB6-88a1-a8b9538beaca-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=aed72870-bf16-4788-8ac7-22299c8207f1-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=71482d49-8870-4cb3-a438-b6fc9ec35d70-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=2951353e-d102-4ea5-906c-54247eeec741-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=0b7fb422-3609-4587-8c2e-94b10f67d1bf-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=ebad865a-d649-416f-9922-456b53bbb5b8-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=57428d75-bef7-43e1-938b-2e749f5a8d56-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=61b34cb0-55ee-4be9-b595-97810b92b017-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=a1789bfb-e0a2-4739-8cc0-e77d892d080a-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=dda1d01d-4bd7-4c49-a184-46f9241b560e-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=8ddf6913-1c7b-4c59-a5af-b9ca3b3d2c4c-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=13d15cf0-e6c8-11d6-9793-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=c4f17608-e611-11d6-9793-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=3e4f4182-ac5d-4378-b760-0eab2de593e2-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=3051c66f-b332-4a73-9a20-2d6a7d6e6a1c-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd568d-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd568c-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd568b-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd568a-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5689-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5688-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5687-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5686-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5685-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5684-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5683-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5682-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5681-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5680-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd567f-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd567e-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd567d-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd567c-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd567b-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd567a-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5679-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6bcd5678-8314-11d6-977b-00c04f613221-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=3c784009-1f57-4e2a-9b04-6915c9e71961-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=8ca38317-13a4-4bd4-806f-ebed6acb5d0c-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=f7ed4553-d82b-49ef-a839-2f38a36bb069-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=7cfb016c-4f87-4406-8166-bd9df943947f-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=8437C3D8-7689-4200-BF38-79E4AC33DFA0-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=4dfbb973-8a62-4310-a90c-776e00f83222-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=7ffef925-405b-440a-8d58-35e8cd6e98c3-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=5c82b233-75fc-41b3-ac71-c69592e6bf15-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=293f0798-ea5c-4455-9f5d-45f33a30703b-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=51cba88b-99cf-4e16-bef2-c427b38d0767-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=446f24ea-cfd5-4c52-8346-96e170bcb912-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6ff880d6-11e7-4ed1-a20f-aac45da48650-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=9cac1f66-2167-47ad-a472-2a13251310e4-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=f607fd87-80cf-45e2-890b-6cf97ec0e284-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=98de1d3e-6611-443b-8b4e-f4337f1ded0b-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=10b3ad2a-6883-4fa7-90fc-6377cbdc1b26-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=6ada9ff7-c9df-45c1-908e-9fef2fab008a-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=d85c0bfd-094f-4cad-a2b5-82ac9268475d-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=a86fe12a-0f62-4e2a-b271-d27f601f8182-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=0e660ea3-8a5e-4495-9ad7-ca1bd4638f9e-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=860c36ed-5241-4c62-a18b-cf6ff9994173-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=7868d4c8-ac41-4e05-b401-776280e8e9f1-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=2416c60a-fe15-4d7a-a61e-dffd5df864d3-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=f3dd09dd-25e8-4f9c-85df-12d6d2f2f2f5-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=bab5f54d-06c8-48de-9b87-d78b796564e4-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=ab402345-d3c3-455d-9ff7-40268a1099b6-CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Operations-CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=DomainUpdates-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=WMIGPO-CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=PolicyType-CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=SOM-CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=PolicyTemplate-CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=WMIPolicy-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=ComPartitionSets-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=ComPartitions-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=AdminSDHolder-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | |
| Dynamicpacks.net | CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | |
| Dynamicpacks.net | CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | |
| Dynamicpacks.net | CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | |
| Dynamicpacks.net | CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecISAKMPPolicy | |
| Dynamicpacks.net | CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecPolicy | |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | |
| Dynamicpacks.net | CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | |
| Dynamicpacks.net | CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecISAKMPPolicy | |
| Dynamicpacks.net | CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecPolicy | |
| Dynamicpacks.net | CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecFilter | |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | |
| Dynamicpacks.net | CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecFilter | |
| Dynamicpacks.net | CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNegotiationPolicy | |
| Dynamicpacks.net | CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | |
| Dynamicpacks.net | CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | |
| Dynamicpacks.net | CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecNFA | |
| Dynamicpacks.net | CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecISAKMPPolicy | |
| Dynamicpacks.net | CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000}-CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | ipsecPolicy | |
| Dynamicpacks.net | CN=IP Security-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Dfs-Configuration-CN=System-DC=Dynamicpacks-DC=net | dfsConfiguration | |
| Dynamicpacks.net | CN=File Replication Service-CN=System-DC=Dynamicpacks-DC=net | nTFRSSettings | |
| Dynamicpacks.net | CN=RAS and IAS Servers Access Check-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Machine-CN={6AC1786C-016F-11D2-945F-00C04fB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=User-CN={6AC1786C-016F-11D2-945F-00C04fB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN={6AC1786C-016F-11D2-945F-00C04fB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | groupPolicyContainer | |
| Dynamicpacks.net | CN=Machine-CN={31B2F340-016D-11D2-945F-00C04FB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=User-CN={31B2F340-016D-11D2-945F-00C04FB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN={31B2F340-016D-11D2-945F-00C04FB984F9}-CN=Policies-CN=System-DC=Dynamicpacks-DC=net | groupPolicyContainer | |
| Dynamicpacks.net | CN=Policies-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Meetings-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=AppCategories-CN=Default Domain Policy-CN=System-DC=Dynamicpacks-DC=net | classStore | |
| Dynamicpacks.net | CN=Default Domain Policy-CN=System-DC=Dynamicpacks-DC=net | domainPolicy | |
| Dynamicpacks.net | CN=ObjectMoveTable-CN=FileLinks-CN=System-DC=Dynamicpacks-DC=net | linkTrackObjectMoveTable | |
| Dynamicpacks.net | CN=VolumeTable-CN=FileLinks-CN=System-DC=Dynamicpacks-DC=net | linkTrackVolumeTable | |
| Dynamicpacks.net | CN=FileLinks-CN=System-DC=Dynamicpacks-DC=net | fileLinkTracking | |
| Dynamicpacks.net | CN=RpcServices-CN=System-DC=Dynamicpacks-DC=net | rpcContainer | |
| Dynamicpacks.net | CN=WinsockServices-CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Keys-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Managed Service Accounts-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=NTDS Quotas-DC=Dynamicpacks-DC=net | msDS-QuotaContainer | |
| Dynamicpacks.net | CN=Microsoft-CN=Program Data-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Program Data-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=ForeignSecurityPrincipals-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Infrastructure-DC=Dynamicpacks-DC=net | infrastructureUpdate | |
| Dynamicpacks.net | CN=LostAndFound-DC=Dynamicpacks-DC=net | lostAndFound | |
| Dynamicpacks.net | CN=System-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | OU=Domain Controllers-DC=Dynamicpacks-DC=net | organizationalUnit | |
| Dynamicpacks.net | CN=Computers-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | CN=Users-DC=Dynamicpacks-DC=net | container | |
| Dynamicpacks.net | DC=Dynamicpacks-DC=net | domainDNS |
TEST NAME
Domain Trusts Found
Description
Test has passed.
TEST NAME
Anyone can Join Computers to Domain
Description
Normal users can add computers to Active Directory. The ability to add computer accounts to a domain without restrictions or monitoring present opportunities for attackers to add their own accounts or take advantage of uncontrolled computers with vulnerabilities, thereby extending their reach and entrenching themselves in the environment.
Recommendation and Steps
It is recommended to set the ms-DS-MachineAccountQuota attribute on the domain NC head to 0 to disable regular users' ability to add computer accounts.
Associated Objects Per Domain/AD Forest
| AD Domain | Normal Users Can Join Computers to Domain? |
| Dynamicpacks.net | Yes: ms-DS-MachineAccountQuota:10 |
Affected Objects
| AD Domain | Normal Users Can Join Computers to Domain? |
| Dynamicpacks.net | Yes: ms-DS-MachineAccountQuota:10 |
TEST NAME
Replication Errors DCs
Description
Active Directory Replication is working normally.
TEST NAME
Allowed RODC Password Replication Group is not empty
Description
Allowed RODC Password Replication Group is empty.
TEST NAME
Managed service accounts with passwords unchanged for more than 90 days
Description
Test has passed.
TEST NAME
Denied RODC Password Replication Group missing Privileged Accounts
Description
Denied RODC Password Replication Group does not contain privileged groups. Some default groups are missing from the Denied RODC Password Replication Group. It is a security risk to expose passwords of privileged groups.
Recommendation and Steps
The Denied RODC Password Replication Group must include the following members: Domain Controllers, Read-only Domain Controllers, Group Policy Creator Owners, Domain Admins, Cert Publishers, Enterprise Admins, Schema Admins, and KRBTGT groups.
Associated Objects Per Domain/AD Forest
| AD Domain | Total Missing Members in Denied RODC Password Replication Group |
| Dynamicpacks.net | 8 |
Affected Objects
| AD Domain | Missing Privileged Group in Denied RODC Password Replication Group |
| Dynamicpacks.net | Enterprise Key Admins |
| Dynamicpacks.net | Key Admins |
| Dynamicpacks.net | Account Operators |
| Dynamicpacks.net | Server Operators |
| Dynamicpacks.net | Replicator |
| Dynamicpacks.net | Backup Operators |
| Dynamicpacks.net | Print Operators |
| Dynamicpacks.net | Administrators |
TEST NAME
msDS-NeverRevealGroupattribute RODC missing Privileged Accounts
Description
Privileged Groups found in msDS-NeverRevealGroupattribute Attribute.
TEST NAME
Schema Admin Group members
Description
Found members in Schema Admins Group. Only members of the Schema Admins group can modify the schema, so accounts should only be added to this group when a change to the Schema is required and removed afterwards. This approach helps prevent an attacker from compromising a Schema Admin account, which could have serious consequences.
Recommendation and Steps
It is recommended to remove all members from the Schema Admins Group.
Associated Objects Per Domain/AD Forest
| AD Forest | Total Schema Members |
| DynamicPacks.net | 1 |
Affected Objects
| Schema Member |
| Administrator |
TEST NAME
Unsecure Updates Zones
Description
Domain DNS Zones are configured to accept dynamic updates securely.
TEST NAME
Missing Domain Zones Scavenging
Description
Domain Zones do not have DNS Aging enabled. It is important to note that if you do not enable Aging for a Domain Zone DNS Server may result in a huge number of stale DNS records.
Recommendation and Steps
It is recommended to enable DNS Aging for each Domain Zone.
Associated Objects Per Domain/AD Forest
| Connected to PDC | Domain Zone | Final Status | Is Aging Enabled? | No Refresh Interval | Refresh Interval |
| dc114.Dynamicpacks.net | Dynamicpacks.net | DNS Scavenging is not enabled for Domain Zone. | False | 7.00:00:00 | 7.00:00:00 |
Affected Objects
| Connected to PDC | Domain Zone | Final Status | Is Aging Enabled? | No Refresh Interval | Refresh Interval |
| dc114.Dynamicpacks.net | Dynamicpacks.net | DNS Scavenging is not enabled for Domain Zone. | False | 7.00:00:00 | 7.00:00:00 |
TEST NAME
AD Partitions Backup Status
Description
All AD Partitions were backed up recently.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Partition | Final Status | Last Backup Date |
| DC=ForestDnsZones DC=Dynamicpacks DC=net | Ok | |
| DC=DomainDnsZones DC=Dynamicpacks DC=net | Ok | |
| CN=Schema CN=Configuration DC=Dynamicpacks DC=net | Ok | |
| CN=Configuration DC=Dynamicpacks DC=net | Ok | |
| DC=Dynamicpacks DC=net | Ok |
Affected Objects
TEST NAME
Users with LastPasswordSet was never Set
Description
Test has passed.
TEST NAME
Users with PWDLastSet to ZERO
Description
PWDLastSet is set to some timestamp for all users and no dormant accounts were found.
TEST NAME
Users with SPNs Configured
Description
No Users found with Service Principals Configured.
TEST NAME
Password Expiration is missing for smart card users
Description
Test has passed.
TEST NAME
Accounts vulnerable to Kerberoasting Found
Description
Test has passed.
TEST NAME
Users With DES encryption
Description
The USE_DES_KEY_ONLY flag is not set for any user.
TEST NAME
Users With Reversible Encryption
Description
No accounts have their passwords stored in Active Directory using reversible encryption.
TEST NAME
Users With Kerberos Pre-Authentication
Description
The DONT_REQUIRE_PREAUTH flag is NOT set for users.
TEST NAME
Users Modified with PrimaryGroupID
Description
Test has been passed
TEST NAME
Users Sending Bad Logons
Description
No Bad Logon Attempts were found from users.
TEST NAME
Users Disabled
Description
No Disabled user accounts were found in AD Domains.
TEST NAME
Stale User Accounts
Description
No Stale user accounts were found in AD Domains.
TEST NAME
Users Expired
Description
No Expired Accounts were found in Active Directory.
TEST NAME
User Accounts Pass Never Expires
Description
Password Never Expires user accounts were found in AD Domains. Every user must be set to renew their password except user accounts which are created for use with applications. Service Accounts can be set to not expire.
Recommendation and Steps
Please check why passwords for these user accounts are set to not expire.
Associated Objects Per Domain/AD Forest
| AD Domain | Total Users With Password Never Expires |
| Dynamicpacks.net | 1 |
Affected Objects
| AD Domain | BadLogonCount | DistinguishedName | DoesNotRequirePreAuth | Enabled | PasswordLastSet | PasswordNeverExpires | PasswordNotRequired | PrimaryGroupID | PWDLastSet | SamAccountName | SIDHistory | UserAccountControl | UserPrincipalName |
| Dynamicpacks.net | 0 | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net | False | True | 12/21/2024 9:36:08 PM | True | False | 513 | 133793193685017197 | Administrator | Microsoft.ActiveDirectory.Management.ADPropertyValueCollection | 66048 |
TEST NAME
User Accounts Pass Not Required
Description
No Users with Password Not Required flag.
TEST NAME
Computers with SPNs Configured
Description
No Computer accounts were found with Service Principals
TEST NAME
Computers With Unconstrained Delegation
Description
No accounts found with unconstrained delegation.
TEST NAME
Computers Modified with PrimaryGroupID
Description
Test has been passed
TEST NAME
Computers Sending Bad Logons
Description
No Computers are sending Bad Logon Attempts.
TEST NAME
Computers Disabled
Description
No Disabled computers were found in AD Domains.
TEST NAME
Stale Computer Accounts
Description
No Stale Computer Accounts were found.
TEST NAME
Unsupported Operating Systems
Description
No Computers running an unsupported operating version were found in Active Directory.
TEST NAME
Admins with SPNs Configured
Description
Admin Accounts with Service Principal Names are not found.
TEST NAME
Admins Sending Bad Logons
Description
No Admins found with Bad Logon Attempts.
TEST NAME
Domain Controllers not owned by Admins
Description
All Domain Controller computer accounts are owned by privileged accounts.
TEST NAME
Computer Objects not managed by Admins
Description
Computer accounts are managed by admin accounts.
TEST NAME
Organizational Units not managed by Admins
Description
Organizational units are managed by admin accounts.
TEST NAME
Sensitive GPOs Modified
Description
Sensitive Group Policy Objects have been changed in the last 10 days. Changes to the Default Domain Policy or Default Domain Controllers Policy should be accounted for by the administrators. If the change cannot be accounted for, investigate the change looking for potential weakening of security posture and why the change was made.
Recommendation and Steps
Please ensure the change is made by an Administrator as changing to default domain and domain controller policies is generally not required.
Associated Objects Per Domain/AD Forest
| AD Domain | Default Domain GPO Modified Last Date | Domain Controller GPO Modified Last Date |
| Dynamicpacks.net | 12/30/2024 22:47:20 | 12/30/2024 22:47:20 |
Affected Objects
TEST NAME
Recently Created Privileged Admins
Description
TEST NAME
Changes to Privileged Groups in Last 15 days
Description
Found indicator of exposure found. Recent additions or deletions to privileged group members could be normal operational changes or could indicate attempts at persistence or cleaning up of tracks after an attack.
Recommendation and Steps
Confirm that any additions/removals from privileged groups are valid and properly accounted for.
Associated Objects Per Domain/AD Forest
| AD Domain | Total Privileged Groups Modified in Last 15 Days |
| Dynamicpacks.net | 13 |
Affected Objects
| AD Domain | Last Modification Date | Privileged Group |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Enterprise Key Admins |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Key Admins |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Read-only Domain Controllers |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Account Operators |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Server Operators |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Domain Admins |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Enterprise Admins |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Schema Admins |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Domain Controllers |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Replicator |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Backup Operators |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Print Operators |
| Dynamicpacks.net | 12/30/2024 23:06:04 | Administrators |
TEST NAME
Users Identified with Privileged SIDs in sIDHistory
Description
Users do not contain Privileged Accounts SID in sIDHistory.
TEST NAME
Computers Identified with Privileged SIDs in sIDHistory
Description
No computer accounts with privileged Accounts SID in sIDHistory.
TEST NAME
Found Excluded Groups by AdminSDHolder and SDProp
Description
TEST NAME
krbtgt Account with Resource-Based Constrained Delegation
Description
krbtgt account do not have resource-based constrained delegation.
TEST NAME
Built-In Admin Account Not protected
Description
Default Administrator account is not protected. Use of a domain's Administrator account should be reserved only for initial build activities, and possibly, disaster-recovery scenarios. To ensure that an Administrator account can be used to effect repairs in the event that no other accounts can be used, you should not change the default membership of the Administrator account in any domain in the forest. Instead, you should secure the Administrator account in each domain in the forest.
Recommendation and Steps
It is recommended to enable the Account is sensitive and cannot be delegated flag on the administrator account and make sure to change the password.
Associated Objects Per Domain/AD Forest
| AD Domain | Default Administrator Account Protection Status |
| Dynamicpacks.net | Not Protected-Cannot be delegated Not enabled |
Affected Objects
| AD Domain | Default Administrator Account Protection Status |
| Dynamicpacks.net | Not Protected-Cannot be delegated Not enabled |
TEST NAME
Built-In Admin Account Not Disabled
Description
Default Administrators account in domains have not been renamed or disabled. Anyone with an administrator account can attempt to log on to domain which will cause Bad Logon Events on domain controllers.
Recommendation and Steps
Please review the list and make sure to rename and disabled Default Administrator account in each domain.
Associated Objects Per Domain/AD Forest
| AD Domain | Administrator Account Name | Enabled | Final Status |
| Dynamicpacks.net | Administrator | True | NOT OK |
Affected Objects
| AD Domain | Administrator Account Name | Enabled | Final Status |
| Dynamicpacks.net | Administrator | True | NOT OK |
TEST NAME
Built-In Admin Account Not Renamed
Description
Default Administrators account in domains have not been renamed or disabled. Anyone with an administrator account can attempt to log on to domain which will cause Bad Logon Events on domain controllers.
Recommendation and Steps
Please review the list and make sure to rename and disabled Default Administrator account in each domain.
Associated Objects Per Domain/AD Forest
| AD Domain | Default Administrator Account Renamed? |
| Dynamicpacks.net | Not Renamed |
Affected Objects
| AD Domain | Default Administrator Account Renamed? |
| Dynamicpacks.net | Not Renamed |
TEST NAME
Built-In Admin Account Password Not Changed in 90 days
Description
Default Administrator account password was changed in 90 days.
TEST NAME
Built-In Admin Account was used in last 10 days
Description
Default Administrator account was used recently in some domains. The default Admin account should only be used for initial Active Directory setup and for disaster recovery purposes. If default admin account is used, then it could indicate that the user has been compromised.
Recommendation and Steps
If best practices are followed and domain Admin is not used, this would indicate a compromise. Ensure any logins to the built-in Domain Administrator account are legitimate and accounted for. If not accounted for, a breach is likely and should be investigated.
Associated Objects Per Domain/AD Forest
| AD Domain | Default Admin Account Used Status | Last Logon Date |
| Dynamicpacks.net | Was Used | 12/30/2024 10:52:18 PM |
Affected Objects
| AD Domain | Default Admin Account Used Status | Last Logon Date |
| Dynamicpacks.net | Was Used | 12/30/2024 10:52:18 PM |
TEST NAME
KRBTGT Account Password Not Changed
Description
krbtgt password was changed within 180 days.
TEST NAME
Guest Account is enabled
Description
Guest Account is disabled in all domains.
TEST NAME
Guest Account is not renamed
Description
Guest account in domains have not been renamed or disabled. The built-in guest account is a well-known user account on all Windows systems and, as initially installed, does not require a password. This can allow access to system resources by unauthorized users. Renaming this account to an unidentified name improves the protection of this account and the system.
Recommendation and Steps
Please review the list and make sure to rename and disabled Guest account in each domain.
Associated Objects Per Domain/AD Forest
| AD Domain | Guest Account Renamed? |
| Dynamicpacks.net | Not Renamed |
Affected Objects
| AD Domain | Guest Account Renamed? |
| Dynamicpacks.net | Not Renamed |
TEST NAME
Administrator Account ServicePrincipalNames Found
Description
Test has passed.
TEST NAME
Misconfigured Administrative Accounts Found
Description
Test has failed. Administrative accounts were found that are not configured to have the 'This account is sensitive and cannot be delegated' option enabled. This leaves the account vulnerable to potential abuse of delegated rights to change the administrative account password disable copy or modify the account properties.
Recommendation and Steps
This can be remediated by running the following PowerShell command as a privileged user (Domain Admin)
Associated Objects Per Domain/AD Forest
| AD Domain | Total Admins Misconfigured |
| Dynamicpacks.net | 2 |
Affected Objects
| AD Domain | Admin Name | Sensitive Account and Cannot be Delegated Option |
| Dynamicpacks.net | krbtgt | Not Set |
| Dynamicpacks.net | Administrator | Not Set |
TEST NAME
Missing Privileged Groups in Protected Users Group
Description
Not all Privileged Groups are part of Protected Users Group. Accounts for services and computers should never be members of the Protected Users group. This group provides incomplete protection anyway, because the password or certificate is always available on the host. Authentication will fail with the error the username or password is incorrect" for any service or computer that is added to the Protected Users group."
Recommendation and Steps
Privileged users must be members of the Protected Users group so as to enforce Kerberos authentication, reduce Kerberos ticket lifetime, enforce usage of strong encryption algorithm (AES), prevent caching of passwords on workstations, and prevent any type of Kerberos delegation. However, please note use of the Protected Users group comes with significant functional impacts. Ensure to add all protected groups and users to Protected Users Group.
Associated Objects Per Domain/AD Forest
| AD Domain | Total Missing Privileged Groups in Protected Users Group |
| Dynamicpacks.net | Missing All Admins |
Affected Objects
TEST NAME
Privileged Accounts Pass Never Expires
Description
No Privileged User Accounts were found that use Password Never Expires Flag.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Admins Password Never Expires |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Too Many Privileged Accounts
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Privileged Accounts |
| Dynamicpacks.net | 2 |
Affected Objects
TEST NAME
Inactive Admins
Description
All Admins have been active.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Enabled Admins Are Inactive Since Last 30 Days |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Privileged Groups Contain more than 20 members
Description
Administrative groups contain 20 or less members.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| Final Status | In AD Domain | Security Group | Total Members |
| DC=net | DC=Dynamicpacks | CN=Enterprise Key Admins | CN=Users |
| DC=net | DC=Dynamicpacks | CN=Key Admins | CN=Users |
| DC=net | DC=Dynamicpacks | CN=Read-only Domain Controllers | CN=Users |
| DC=net | DC=Dynamicpacks | CN=Account Operators | CN=Builtin |
| DC=net | DC=Dynamicpacks | CN=Server Operators | CN=Builtin |
| DC=net | DC=Dynamicpacks | CN=Domain Admins | CN=Users |
| DC=net | DC=Dynamicpacks | CN=Enterprise Admins | CN=Users |
| DC=net | DC=Dynamicpacks | CN=Schema Admins | CN=Users |
| DC=net | DC=Dynamicpacks | CN=Domain Controllers | CN=Users |
| DC=net | DC=Dynamicpacks | CN=Replicator | CN=Builtin |
| DC=net | DC=Dynamicpacks | CN=Backup Operators | CN=Builtin |
| DC=net | DC=Dynamicpacks | CN=Print Operators | CN=Builtin |
| DC=net | DC=Dynamicpacks | CN=Administrators | CN=Builtin |
Affected Objects
TEST NAME
Kerberos Pre-authentication Disabled
Description
All Admin accounts have DONT_REQUIRE_PREAUTH flag set to false.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Admin With Kerberos Pre-Authentication Disabled |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Disabled Admins part of Privileged Groups
Description
No Disabled users are part of Privileged Groups.
TEST NAME
Passwords Not Changed within 90 days
Description
Privileged User Accounts have been changing their passwords regularly.
TEST NAME
DNSAdmins Group has members
Description
No other users are part of DNS Admins Group
TEST NAME
Privileged Groups Contained Computer Accounts
Description
No computer accounts are member of privileged Groups.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Computer Accounts part of Privileged Groups |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Privileged Admins missing AdminCount=1 Flag
Description
All members in privileged groups have AdminCount=1 flag set.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Admin | AdminCount Status |
| Dynamicpacks.net | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net | SET |
Affected Objects
TEST NAME
ForeignSecurityPrincipals In Privileged Groups
Description
No ForeignSecurityPrincipal or orphaned princials were found in privileged admin groups.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Admin | Is a ForeignSecurityPrincipal? | Member Of |
| Dynamicpacks.net | Administrator | False | Administrators |
| Dynamicpacks.net | Enterprise Admins | False | Administrators |
| Dynamicpacks.net | Domain Admins | False | Administrators |
| Dynamicpacks.net | Administrator | False | Domain Admins |
| Administrator | False | Enterprise Admins |
Affected Objects
TEST NAME
Operators Groups are not empty
Description
All Operators Groups are empty in all domains.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| Account Operators Member Count | AD Domain | Backup Operators Member Count | Print Operators Member Count | Server Operators Member Count |
| 0 | Dynamicpacks.net | 0 | 0 | 0 |
Affected Objects
TEST NAME
Weak Password Policies Affected Admins
Description
Privileged Users are not using strong password policies. A password length of seven characters can be cracked instantly by various brute force tools. Apart from the danger of account compromise, having a weak password policy also leads to complex problems like regulatory compliance.
Recommendation and Steps
For privileged accounts, enforcing a password policy with the following requirements is recommended: forced change at most every 3 years and length of 8 or more characters is recommended.
Associated Objects Per Domain/AD Forest
| AD Domain | Admin Account | Minimum Password Length |
| Dynamicpacks.net | CN=krbtgt-CN=Users-DC=Dynamicpacks-DC=net | 7 |
| Dynamicpacks.net | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net | 7 |
Affected Objects
| AD Domain | Admin Using Weak Password Policy | Minimum Password Length |
| Dynamicpacks.net | CN=krbtgt-CN=Users-DC=Dynamicpacks-DC=net | 7 |
| Dynamicpacks.net | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net | 7 |
TEST NAME
Password Do Not Expire
Description
Some privileged accounts have passwords that never expire. If no security mechanism enforces a periodic password rotation, taking over an account allows any malicious user to keep their access rights in the domain for extended periods of time.
Recommendation and Steps
Passwords should be periodically changed for all privileged group members (at most every 3 years). To enforce application of the domain password policy on these accounts, their DONT_EXPIRE flag should not be set. This account flag should then be unset, usually by unchecking the password never expires" option in the "Account" tab of the user properties. Their passwords should then be rolled immediately."
Associated Objects Per Domain/AD Forest
| AD Domain | PasswordNeverExpire? | Privileged Account |
| Dynamicpacks.net | False | CN=krbtgt-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | True | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net |
Affected Objects
| AD Domain | PasswordNeverExpire? | Privileged Account |
| Dynamicpacks.net | True | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net |
TEST NAME
AdminsCount Flag set users not acting as Admins
Description
Test has passed.
TEST NAME
Default Domain Policy-Minimum Password Length
Description
Account Policies are configured correctly.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Minimum Password Length |
| Dynamicpacks.net | 7 |
Affected Objects
| AD Domain | Minimum Password Length |
| Dynamicpacks.net | 7 |
TEST NAME
FGPP Policies-Minimum Password Length
Description
FGPP password parameters are not configured correctly. Minimum password set to 7 or less will not help in providing adequate defense against a brute force attack.
Recommendation and Steps
Please review the list of FGPP provided and make sure to enable Password Complexity. Please check the account policies parameters and ensure values are correct. The Minimum Password Length recommended is 12 and password complexity must be enabled.
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
FGPP Policies Not Applying
Description
Some FGPP Policies have been created but they do not apply to any objects. Users will not receive Password Policies from FGPP.
Recommendation and Steps
Please review the list and make sure FGPP Policies are applying to desired objects.
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Account Lockout Policies Missing
Description
Account Lockout Policies are configured in Active Directory domains.
TEST NAME
Domain Controllers Modified with PrimaryGroupID
Description
Test has been passed
TEST NAME
SMB 1 Protocol Enabled DCs
Description
SMB1 Protocol is disabled on all domain controllers.
TEST NAME
SMB 1 Client Protocol Enabled DCs
Description
SMB1 client Protocol is disabled on all domain controllers.
TEST NAME
AllowNT4Crypto DCs
Description
Found Domain Controllers were found with NT4 Crypto. Allowing old NT4 cryptography algorithms could be a serious security risk, and could be a signal that in the environment there might still be very old and unsecure hardware or software being used (like NT4 or older SAMBA SMB clients).. Besides, all currently supported OS don't even honor this setting anymore.
Recommendation and Steps
Recommended action is to disable NT4 Crypto on affected domain controllers. In Registry Editor navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters and change the value of AllowNT4Crypto to 0.
Associated Objects Per Domain/AD Forest
| AllowNT4Crypto Status | Connection | Domain Controller | Final Status | Reg Entry | Registry Key |
| AllowNT4Crypto is Enabled - Not Found | Ok | dc114.Dynamicpacks.net | Not Ok | AllowNT4Crypto | HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters |
Affected Objects
| AllowNT4Crypto Status | Connection | Domain Controller | Final Status | Reg Entry | Registry Key |
| AllowNT4Crypto is Enabled - Not Found | Ok | dc114.Dynamicpacks.net | Not Ok | AllowNT4Crypto | HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters |
TEST NAME
LAN Manager password hashes Enabled DCs
Description
No Domain Controllers are storing LAN Manager Password Hashes
TEST NAME
SMB Signing Disabled DCs
Description
SMB Signing is enabled on domain controllers.
TEST NAME
LDAP Signing Disabled DCs
Description
LDAP Signing is enabled on domain controllers.
TEST NAME
TLS 1.1 Enabled DCs
Description
TLS 1.1 protocol is not disabled on all domain controllers. Modern cyber-attacks methods often make specific use of legacy protocols in their attack and often utilize them to target organizations that have yet to implement the proper mitigation.
Recommendation and Steps
To retire the use of legacy protocols, your organization must first discover which internal entities and applications rely on them. Recommendation is to disabled TLS 1.1 protocol on all affected domain controllers by applying a registry fix or using Default Domain Controllers GPO.
Associated Objects Per Domain/AD Forest
| Connection | Domain Controller | Final Status | Reg Entry | Registry Key | TLS 1.1 Status |
| Ok | dc114.Dynamicpacks.net | Not Ok | DisabledByDefault | HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server | TLS 1.1 is not disabled - Not Found |
Affected Objects
| Connection | Domain Controller | Final Status | Reg Entry | Registry Key | TLS 1.1 Status |
| Ok | dc114.Dynamicpacks.net | Not Ok | DisabledByDefault | HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server | TLS 1.1 is not disabled - Not Found |
TEST NAME
NTLM Authentication Enabled DCs
Description
Found NTLM enabled on all domain controllers. NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the Kerberos version 5 protocol, or different authentication mechanisms, such as smart cards. The main risk of disabling NTLM is the potential usage of legacy or incorrectly configured applications that can still use NTLM authentication.
Recommendation and Steps
It is recommended to disable NTLM Protocol on domain controllers by using the registry or GPO. Edit the Default Domain Policy, go to the GPO section Computer Configurations, Select Policies, and then take, security Setting from Windows Settings, then choose Local Policies -> Security Options, and find the policy Network Security: LAN Manager authentication level. Configure Send LM & NTLM responses to use NTLMv2 session security if negotiated to apply settings to all domain controllers.
Associated Objects Per Domain/AD Forest
| Connection | Domain Controller | Final Status | NTLM Protocol Status | Reg Entry | Registry Key |
| Ok | dc114.Dynamicpacks.net | Not Ok | NTLM is not disabled - Not Found | LmCompatibilityLevel | HKLM:\SYSTEM\CurrentControlSet\Services\Lsa |
Affected Objects
| Connection | Domain Controller | Final Status | NTLM Protocol Status | Reg Entry | Registry Key |
| Ok | dc114.Dynamicpacks.net | Not Ok | NTLM is not disabled - Not Found | LmCompatibilityLevel | HKLM:\SYSTEM\CurrentControlSet\Services\Lsa |
TEST NAME
Inconsistent DCs
Description
No domain controllers in inconsistent state.
TEST NAME
RC4 Encryption Enabled DCs
Description
Some Domain Controllers have RC4 encryption enabled or supported. The USE_DES_KEY_ONLY flag is set for some users. This flag allows domain controllers to issue Kerberos tickets encrypted with the DES algorithm. This property was designed for backward compatibility with older Kerberos implementations. The DES algorithm is considered weak and must not be used anymore. This flag weakens the security of distributed Kerberos tickets significantly, and speeds up brute force cracking attempts.
Recommendation and Steps
The USE_DES_KEY_ONLY flag must be unset from userAccountControl attribute of each affected account. This can be performed by unchecking the Use Kerberos DES encryption types for this account" options in the user account properties. Any incompatible software must be upgraded."
Associated Objects Per Domain/AD Forest
| Connection | Domain Controller | Final Status | Is RC4 Encryption Enabled? | msDS-SupportedEncryptionTypes Value |
| Ok | dc114.Dynamicpacks.net | Not Ok | Yes | 28-AES 128 AES 256 RC4_HMAC_MD5 |
Affected Objects
| Connection | Domain Controller | Final Status | Is RC4 Encryption Enabled? | msDS-SupportedEncryptionTypes Value |
| Ok | dc114.Dynamicpacks.net | Not Ok | Yes | 28-AES 128 AES 256 RC4_HMAC_MD5 |
TEST NAME
Unauthenticated DCs since last 45 Days
Description
All Domain Controllers have been authenticating and working as expected
TEST NAME
Secrets not renewed DCs
Description
Domain Controllers have been renewing their secrets.
TEST NAME
Missing Updates DCs
Description
Some domain controllers have not been patched for the last 45 days. Domain Controllers will not receive important security updates.
Recommendation and Steps
All Domain Controllers must be patched to avoid security risks.
Associated Objects Per Domain/AD Forest
| Command Status | Connection | Domain Controller | Final Status | Last Update Date | Number of Updates Applied Since last 45 Days |
| Ok | Ok | dc114.Dynamicpacks.net | WARNING: Domain Controller has not been patched since last 45 days. | Saturday- September 7- 2019 12:00:00 AM | 0 |
Affected Objects
| Command Status | Connection | Domain Controller | Final Status | Last Update Date | Number of Updates Applied Since last 45 Days |
| Ok | Ok | dc114.Dynamicpacks.net | WARNING: Domain Controller has not been patched since last 45 days. | Saturday- September 7- 2019 12:00:00 AM | 0 |
TEST NAME
Missed Reboot Cycles DCs
Description
All Domain controllers have been rebooting regularly. Please ensure all Domain Controllers were checked.
TEST NAME
No Contacts with Domain Controllers in Last Three Months
Description
Test has passed.
TEST NAME
Ensure UNC Paths for SYSVOL and NETLOGON are harderend
Description
TEST NAME
Ensure No Open Shares on Domain Controllers
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Zerologon Vulnerability Test
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Orphaned DCs
Description
No Orphaned Domain Controllers were found.
TEST NAME
Missing DNS Scavenging DCs
Description
Some DNS Servers do not have automatic scavenging enabled. Disabling Scavenging might result in a huge number of stale DNS Entries.
Recommendation and Steps
Note that if all your Domain Zones are AD Integrated it is recommended to keep Scavenging enabled only on one DNS Server.
Associated Objects Per Domain/AD Forest
| Command Status | Connection | Domain Controller | Final Status | Is Scavenging Enabled? | Last Scavenging Time | No Refresh Interval | Refresh Interval | Scavenging Interval |
| Ok | Ok | dc114.Dynamicpacks.net | This DNS Server is not configured to scavenge stale DNS Records automatically. | False | 7.00:00:00 |
Affected Objects
| Command Status | Connection | Domain Controller | Final Status | Is Scavenging Enabled? | Last Scavenging Time | No Refresh Interval | Refresh Interval | Scavenging Interval |
| Ok | Ok | dc114.Dynamicpacks.net | This DNS Server is not configured to scavenge stale DNS Records automatically. | False | 7.00:00:00 |
TEST NAME
Missing DNS Forwarders DCs
Description
DNS Servers have one or more DNS Forwarders configured.
TEST NAME
Missing Root Hints DCs
Description
All DNS Servers have one or more Root Hints configured.
TEST NAME
Missing Host Records DCs
Description
A Host Records for all domain controllers are registered in the DNS Server.
TEST NAME
Not Enough Free Space DCs
Description
Domain Controllers have more than 10 GB of disk space available. Please ensure all Domain Controllers were checked.
TEST NAME
Errors and Warnings in Log DCs
Description
Domain Controllers have errors in Event Logs since last 10 days in Directory Service-Application and System Logs. The errors may impact domain controller operation.
Recommendation and Steps
Test reports number of errors and warnings reported since last 10 days. You might want to check domain controllers event log to ensure the errors and warnings can be ignored safely or consult a technician to resolve these errors.
Associated Objects Per Domain/AD Forest
| Command Status | Connection | Domain Controller | Final Status | Log Name | Number Of Errors Since last 10 Days | Number Of Warnings Since last 10 Days |
| Ok | Ok | dc114.Dynamicpacks.net | Not Ok | System | 11 | 27 |
| Ok | Ok | dc114.Dynamicpacks.net | Not Ok | Application | 24 |
Affected Objects
| Domain Controller | Errors in Log? |
| dc114.Dynamicpacks.net | Found Errors and Warnings |
TEST NAME
Loopback Address Missing DCs
Description
All Domain Controllers have been configured with loopback 127.0.0.1 address. Please ensure all Domain Controllers were checked.
TEST NAME
Multihomed DCs
Description
No Multihomed Domain Controllers were found. Please ensure all Domain Controllers were checked.
TEST NAME
Missing SSL Authentication DCs
Description
Domain Controllers have not been configured with SSL. It is a security risk. All clients must be authenticated via a secure channel.
Recommendation and Steps
Please review the list provided and make sure to configure Domain Controllers with SSL.
Associated Objects Per Domain/AD Forest
| Connection | Domain Controller | Final Status | Is SSL Enabled? |
| Ok | dc114.Dynamicpacks.net | Not Ok | Not Enabled |
Affected Objects
| Connection | Domain Controller | Final Status | Is SSL Enabled? |
| Ok | dc114.Dynamicpacks.net | Not Ok | Not Enabled |
TEST NAME
NTFS Replication DCs
Description
No domain controllers were found with NTFRS Service enabled.
TEST NAME
Strict Replication Disabled DCs
Description
Strict Replication Consistency is enabled on all domain controllers.
TEST NAME
DCDiag Failure DCs
Description
All DCDiag tests have been passed on all domain controllers.
TEST NAME
Out Of Default OUs DCs
Description
All Domain Controllers are located under Domain Controllers OU.
TEST NAME
Unsupported OS DCs
Description
All Domain Controllers are running Windows Server 2012 or later versions.
TEST NAME
Missing Enough DNS Servers in NIC DCs
Description
Some Domain Controllers have not been configured with enough DNS Servers in the TCP/IP property of the network card. Domain Controllers will not be able to reach other DNS Servers for DNS lookups. Configuring enough DNS Servers will ensure a DNS Query can be resolved.
Recommendation and Steps
Please check affected objects excel sheet and check which Domain Controller requires updating with DNS configuration. It is recommended to configure domain controllers with at least 2 DNS Servers.
Associated Objects Per Domain/AD Forest
| Command Status | Connection | Default Gateway | DNS Servers | Domain Controller | Final Status | IP Address | Network Adapter Description | Subnet |
| Ok | Ok | 172.16.31.253 | 127.0.0.1 | dc114.Dynamicpacks.net | Not enough DNS Servers have been configured on this domain controller. | 172.16.31.114 fe80::98da:3be0:b630:2507 | Intel(R) 82574L Gigabit Network Connection | 255.255.255.0 64 |
Affected Objects
| Command Status | Connection | Default Gateway | DNS Servers | Domain Controller | Final Status | IP Address | Network Adapter Description | Subnet |
| Ok | Ok | 172.16.31.253 | 127.0.0.1 | dc114.Dynamicpacks.net | Not enough DNS Servers have been configured on this domain controller. | 172.16.31.114 fe80::98da:3be0:b630:2507 | Intel(R) 82574L Gigabit Network Connection | 255.255.255.0 64 |
TEST NAME
Not Enough Local Disks DCs
Description
Disks on Domain Controllers are not configured as per Active Directory best practices. Domain Controllers will result in performance issues.
Recommendation and Steps
As per best practices domain controllers file must be hosted on separate volumes to avoid any performance issues. For example, SYSVOL to be hosted on a separate disk - Active Directory Logs to be hosted on another disk and so on.
Associated Objects Per Domain/AD Forest
| Command Status | Connection | Domain Controller | Final Status | Number of Volumes |
| Ok | Ok | dc114.Dynamicpacks.net | There are less than three volumes configured in the domain controller to host OS and Active Directory Files. | 3 |
Affected Objects
| Command Status | Connection | Domain Controller | Final Status | Number of Volumes |
| Ok | Ok | dc114.Dynamicpacks.net | There are less than three volumes configured in the domain controller to host OS and Active Directory Files. | 3 |
TEST NAME
Missing DNS Dynmaic Registration on NIC DCs
Description
Dynamic DNS Registration is enabled for all domain controllers. Please ensure all Domain Controllers were checked.
TEST NAME
Missing _msdcs Zone DCs
Description
DNS Servers host _msdcs zone.
TEST NAME
Event Log Config Not Correct DCs
Description
Event Log Configuration was fetched from Domain Controllers.
TEST NAME
Event Log Size Not Optimized DCs
Description
Event Log size Configuration on Domain Controllers is ok.
TEST NAME
Scheduled Tasks found on Domain Controllers
Description
Test has failed. Scheduled tasks have been known to be exploited to allow attackers to elevate privileges gain persistence and download and deploy malware. This finding indicates that scheduled tasks were found on the Domain Controllers within the domain queried.
Recommendation and Steps
Review scheduled tasks listed in the accompanying file(s) for legitimacy and validate that they are needed. Remove any unneeded unnecessary tasks.
Associated Objects Per Domain/AD Forest
| Domain Controller | Total Scheduled Tasks |
| dc114.Dynamicpacks.net | 3 |
Affected Objects
| CimClass | CimInstanceProperties | CimSystemProperties | Domain Controller | LastRunTime | LastTaskResult | NextRunTime | NumberOfMissedRuns | PSComputerName | TaskName | TaskPath |
| Root/Microsoft/Windows/TaskScheduler:MSFT_TaskDynamicInfo | Microsoft.Management.Infrastructure.Internal.Data.CimPropertiesCollection | Microsoft.Management.Infrastructure.CimSystemProperties | dc114.Dynamicpacks.net | 12/30/2024 10:52:52 PM | 267009 | 0 | dc114.Dynamicpacks.net | CacheTask | \Microsoft\Windows\Wininet\ | |
| Root/Microsoft/Windows/TaskScheduler:MSFT_TaskDynamicInfo | Microsoft.Management.Infrastructure.Internal.Data.CimPropertiesCollection | Microsoft.Management.Infrastructure.CimSystemProperties | dc114.Dynamicpacks.net | 12/30/2024 10:53:53 PM | 267009 | 0 | dc114.Dynamicpacks.net | CreateExplorerShellUnelevatedTask | \ | |
| Root/Microsoft/Windows/TaskScheduler:MSFT_TaskDynamicInfo | Microsoft.Management.Infrastructure.Internal.Data.CimPropertiesCollection | Microsoft.Management.Infrastructure.CimSystemProperties | dc114.Dynamicpacks.net | 12/30/2024 10:52:52 PM | 267009 | 12/31/2024 10:27:27 PM | 0 | dc114.Dynamicpacks.net | MicrosoftEdgeUpdateTaskMachineCore{D1365C39-B303-4873-81D5-B8CA78667278} | \ |
TEST NAME
Fax Server role installed DCs
Description
Role/Feature is not insatlled
TEST NAME
Microsoft FTP service installed DCs
Description
Role/Feature is not insatlled
TEST NAME
Peer Name Resolution Protocol installed DCs
Description
Role/Feature is not insatlled
TEST NAME
Simple TCP-IP Services installed DCs
Description
Role/Feature is not insatlled
TEST NAME
Telnet Client installed DCs
Description
Role/Feature is not insatlled
TEST NAME
TFTP Client installed DCs
Description
Role/Feature is not insatlled
TEST NAME
Server Message Block (SMB) v1 protocol Installed DCs
Description
Role/Feature is not insatlled
TEST NAME
Windows PowerShell 2.0 installed DCs
Description
Role/Feature is not insatlled
TEST NAME
Print Spooler Service Running DCs
Description
Print Spooler Service is not disabled on all domain controllers. CVE-2021-1675 is weaponized to compromise Domain Controllers. This is actually already happening in the real world, leading to a zero-day vulnerability event. Luckily, the vulnerability can be easily thwarted with a simple configuration change on Domain Controllers by disabling the Print Spooler service.
Recommendation and Steps
Print spooler services are enabled by default. If not absolutely required, disable the service on all domain controllers. If required, make sure the server is fully patched and follow Microsoft guidance here. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Associated Objects Per Domain/AD Forest
| Connection | Domain Controller | Final Status | Print Spooler Service Status |
| Ok | dc114.Dynamicpacks.net | Not Ok | Running-Not OK |
Affected Objects
| Connection | Domain Controller | Final Status | Print Spooler Service Status |
| Ok | dc114.Dynamicpacks.net | Not Ok | Running-Not OK |
TEST NAME
ADWS Service Set to Manual DCs
Description
ADWS Service is set to start automatically on all domain controllers.
TEST NAME
DHCP Service Running DCs
Description
DHCP Server Service is disabled or not installed on all domain controllers.
TEST NAME
Additional Roles and Features DCs
Description
Domain Controllers were found running other Roles and Features. Domain Controller performance is impacted. The System Resources will be utilized by other Roles and Features installed.
Recommendation and Steps
Please review the list provided and make sure to remove any other Roles and Features which are not needed or shift them to other servers.
Associated Objects Per Domain/AD Forest
| Domain Controller | Feature/Role | Role or Feature Name |
| dc114.Dynamicpacks.net | Feature | XPS-Viewer |
| dc114.Dynamicpacks.net | Feature | WoW64-Support |
| dc114.Dynamicpacks.net | Feature | PowerShell-ISE |
| dc114.Dynamicpacks.net | Feature | PowerShell |
| dc114.Dynamicpacks.net | Feature | PowerShellRoot |
| dc114.Dynamicpacks.net | Feature | Windows-Defender |
| dc114.Dynamicpacks.net | Feature | RSAT-DNS-Server |
| dc114.Dynamicpacks.net | Feature | RSAT-ADDS-Tools |
| dc114.Dynamicpacks.net | Feature | RSAT-AD-AdminCenter |
| dc114.Dynamicpacks.net | Feature | RSAT-ADDS |
| dc114.Dynamicpacks.net | Feature | RSAT-AD-PowerShell |
| dc114.Dynamicpacks.net | Feature | RSAT-AD-Tools |
| dc114.Dynamicpacks.net | Feature | RSAT-Role-Tools |
| dc114.Dynamicpacks.net | Feature | RSAT |
| dc114.Dynamicpacks.net | Feature | GPMC |
| dc114.Dynamicpacks.net | Feature | NET-WCF-TCP-PortSharing45 |
| dc114.Dynamicpacks.net | Feature | NET-WCF-Services45 |
| dc114.Dynamicpacks.net | Feature | NET-Framework-45-Core |
| dc114.Dynamicpacks.net | Feature | NET-Framework-45-Features |
| dc114.Dynamicpacks.net | Role Service | Storage-Services |
| dc114.Dynamicpacks.net | Role Service | FS-FileServer |
| dc114.Dynamicpacks.net | Role Service | File-Services |
| dc114.Dynamicpacks.net | Role | FileAndStorage-Services |
| dc114.Dynamicpacks.net | Role | DNS |
| dc114.Dynamicpacks.net | Role | AD-Domain-Services |
Affected Objects
| Connection | Domain Controller | Final Status | Total Features | Total Roles |
| Ok | dc114.Dynamicpacks.net | NOT OK | 19 | 6 |
TEST NAME
AD Services not running DCs
Description
All Domain Controller Services are running. Please ensure all Domain Controllers were checked.
TEST NAME
Software Installed on Domain Controllers
Description
Test has failed. A list of software installed on Domain Controllers. Best Practice dictates that nothing should be installed on a Domain Controller that is not necessary for it to function. These should be audited and reviewed regularly.
Recommendation and Steps
Remove any software installations that are not needed for Domain Controller functionality.
Associated Objects Per Domain/AD Forest
| Domain Controller | Final Status | No of Software Installed |
| dc114.Dynamicpacks.net | Not Ok | 6 |
Affected Objects
| InstallDate | Name | PSComputerName |
| 20241230 | SmartProfiler Security | DC114 |
| 20241221 | VMware Tools | DC114 |
| 20241221 | Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 | DC114 |
| 20241221 | Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 | DC114 |
| 20241221 | Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 | DC114 |
| 20241221 | Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 | DC114 |
TEST NAME
Total Undefined Subnets
Description
Did not find any subnets that is under unknown category. Please ensure all Domain Controllers were checked.
TEST NAME
Sites without ISTG Role
Description
All AD Sites have ISTG Defined.
TEST NAME
Manual Replication Connection Objects
Description
No Manual AD Replication Connection Objects found in the AD Forest.
TEST NAME
Sites without Subnets Association
Description
Some AD Sites do not have Subnets associated. Application and User authentication is impacted. Users and applications will go to domain controllers in other sites for authentications.
Recommendation and Steps
It is highly recommended to associate required user/application subnets with AD Sites. If subnets are not associated with AD Sites users in the AD Sites might choose a remote domain controller for authentication.
Associated Objects Per Domain/AD Forest
| Active Directory Site | Final Status | Site Location | Total Subnets |
| Default-First-Site-Name | Not Ok |
Affected Objects
| Active Directory Site | Final Status | Site Location | Total Subnets |
| Default-First-Site-Name | Not Ok |
TEST NAME
Missing Global Catalog Sites
Description
All Sites are configured at least with one Global Catalog Server.
TEST NAME
Missing AD Sites Coverage
Description
Some Active Directory sites are not covered. Each Active Directory site needs to be covered by each other. Otherwise, users will be authenticated to other site domain controllers resulting in crossing network boundaries.
Recommendation and Steps
Please ensure KCC has run its algorithm to cover each Active Directory Site. Initiate the KCC algorithm manually.
Associated Objects Per Domain/AD Forest
| AD Site | Adjacent Sites | Final Status | Total Adjacent Sites |
| Default-First-Site-Name | Not Ok - This AD Site is not covered. | 0 |
Affected Objects
| AD Site | Adjacent Sites | Final Status | Total Adjacent Sites |
| Default-First-Site-Name | Not Ok - This AD Site is not covered. | 0 |
TEST NAME
Duplicate Site Links
Description
No Duplicate site Links were found.
TEST NAME
Sites Missing Bridgehead Server
Description
Some AD Sites are configured with manual or no automatic Bridgehead Servers were found. Since KCC can designate a domain controller as a bridgehead server automatically, it is recommended to avoid assigning manual Bridgehead Servers. A bridgehead server is a server that is mainly used for intersite replication. You can configure a bridgehead server for every site that is created for each intersite replication protocol. This helps to control the server that is used to replicate information to other servers.
Recommendation and Steps
The ability to configure a server as a bridgehead server gives you greater control over the resources used for replication between intersite. It is recommended to remove manually configured bridgehead servers and let KCC designate a bridgehead server automatically.
Associated Objects Per Domain/AD Forest
| AD Site | Auto BH | Final Status | IP-Servers | Manual IP-BHs | Manual SMTP-BHs | Servers | SMTP-Servers |
| Default-First-Site-Name | 0 | Bridgehead Servers not assigned by KCC | 0 | 0 |
Affected Objects
| AD Site | Auto BH | Final Status | IP-Servers | Manual IP-BHs | Manual SMTP-BHs | Servers | SMTP-Servers |
| Default-First-Site-Name | 0 | Bridgehead Servers not assigned by KCC | 0 | 0 |
TEST NAME
Sites With Manual Bridgehead Server
Description
No manual Bridgehead servers are configured.
TEST NAME
Sites creating Mesh Topology
Description
TEST NAME
Replication Interval Not Optimized Sites
Description
Some Active Directory Site Links are using non-standard Replication Intervals. AD Sites have been configured to use 180 as the replication interval. If you have only one AD Site in your environment, then ignore the issue. The frequent changes will not replicate as quickly as possible between AD Sites.
Recommendation and Steps
It is recommended to configure a lower replication interval for sites that process changes frequently.
Associated Objects Per Domain/AD Forest
| AD Site Link | Final Status | Replication Interval | Total Sites In Link |
| DEFAULTIPSITELINK | Not Ok | 180 | 1 |
Affected Objects
| AD Site Link | Final Status | Replication Interval | Total Sites In Link |
| DEFAULTIPSITELINK | Not Ok | 180 | 1 |
TEST NAME
AD Sites Redundancy
Description
Some AD Sites have only one Domain Controller deployed. Single Point of Failure. If the domain controller goes down in the AD Site, the authentication will be impacted for users and applications reside in the AD Site.
Recommendation and Steps
It is recommended to have at least two domain controllers deployed in an AD Site to avoid clients reaching out to remote domain controllers for authentication.
Associated Objects Per Domain/AD Forest
| AD Site | Final Status | Location | Total Servers |
| Default-First-Site-Name | Not Ok | 1 |
Affected Objects
| AD Site | Final Status | Location | Total Servers |
| Default-First-Site-Name | Not Ok | 1 |
TEST NAME
AD Sites without Site Link
Description
All AD Sites are associated with a Site Link.
TEST NAME
AD Sites without Domain Controller
Description
All AD Sites have at least one Domain Controller deployed.
TEST NAME
PDC Emulator Time Source
Description
Domain Controller Time Synchronization is not correct. Impacts authentication between domain controllers and clients.
Recommendation and Steps
Please ensure PDC syncs its time from an External NTP Server and other domain controllers sync using the default Time Synchronization settings. All other Domain Controllers must be using NT5DS registry entry.
Associated Objects Per Domain/AD Forest
| Command Status | Connection | Controller Type | Domain Controller | Final Status | Sync From |
| Ok | Ok | PDC | dc114.Dynamicpacks.net | WARNING: Root PDC must sync its time from an External NTP Server by specifying NTP (Local) value in Type Registry entry. It is not recommended to use NT5DS and AllSync(Local) for PDC. | Internal Source |
Affected Objects
TEST NAME
Domain Controllers Time Source
Description
Domain Controllers have been configured with the correct time source.
TEST NAME
Domain FSMO Placement
Description
FSMO Placement is correct.
TEST NAME
Domain Naming Master and Schema Master Placement
Description
Schema Master and Domain Naming Master are hosted on same computer.
TEST NAME
Managed Service Accounts Not Linked
Description
Managed Service Accounts are linked to computer accounts.
TEST NAME
TombstoneLifeTime Modified?
Description
TombstoneLifetime value is set to 180 days.
TEST NAME
Check AD Forest Functional Level
Description
Test has passed.
TEST NAME
Check AD Domain Functional Level
Description
Test has passed.
TEST NAME
Ogranizational Units without Objects
Description
No Empty Organizational Units were found in AD Domains.
TEST NAME
Security Groups without Objects
Description
Security Groups have been created in Domain, but they do not hold any members. Refer issue details.
Recommendation and Steps
Please check why empty Security Groups have been created in Domain. The output also contains the pre-defined security groups other than user-defined security groups.
Associated Objects Per Domain/AD Forest
| AD Domain | Total Groups Without Members |
| Dynamicpacks.net | 32 |
Affected Objects
| AD Domain | DistinguishedName |
| Dynamicpacks.net | CN=DnsUpdateProxy-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=DnsAdmins-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Enterprise Key Admins-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Key Admins-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Protected Users-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Cloneable Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Enterprise Read-only Domain Controllers-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Allowed RODC Password Replication Group-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Terminal Server License Servers-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Incoming Forest Trust Builders-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Account Operators-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Server Operators-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=RAS and IAS Servers-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Cert Publishers-CN=Users-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Storage Replica Administrators-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Remote Management Users-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Access Control Assistance Operators-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Hyper-V Administrators-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=RDS Management Servers-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=RDS Endpoint Servers-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=RDS Remote Access Servers-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Certificate Service DCOM Access-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Event Log Readers-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Cryptographic Operators-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Distributed COM Users-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Performance Log Users-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Performance Monitor Users-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Network Configuration Operators-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Remote Desktop Users-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Replicator-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Backup Operators-CN=Builtin-DC=Dynamicpacks-DC=net |
| Dynamicpacks.net | CN=Print Operators-CN=Builtin-DC=Dynamicpacks-DC=net |
TEST NAME
Users without UPN specified
Description
Some Domain Users do not have UPN filled. UPN is required by other applications.
Recommendation and Steps
Please review the list and make sure to address the users that do not have the UPN filled.
Associated Objects Per Domain/AD Forest
| AD Domain | Total Users With Blank UPN |
| Dynamicpacks.net | 3 |
Affected Objects
| AD Domain | BadLogonCount | DistinguishedName | DoesNotRequirePreAuth | Enabled | PasswordLastSet | PasswordNeverExpires | PasswordNotRequired | PrimaryGroupID | PWDLastSet | SamAccountName | SIDHistory | UserAccountControl | UserPrincipalName |
| Dynamicpacks.net | 0 | CN=krbtgt-CN=Users-DC=Dynamicpacks-DC=net | False | False | 12/30/2024 10:50:46 PM | False | False | 513 | 133801014466281895 | krbtgt | Microsoft.ActiveDirectory.Management.ADPropertyValueCollection | 514 | |
| Dynamicpacks.net | 0 | CN=Guest-CN=Users-DC=Dynamicpacks-DC=net | False | False | True | True | 514 | 0 | Guest | Microsoft.ActiveDirectory.Management.ADPropertyValueCollection | 66082 | ||
| Dynamicpacks.net | 0 | CN=Administrator-CN=Users-DC=Dynamicpacks-DC=net | False | True | 12/21/2024 9:36:08 PM | True | False | 513 | 133793193685017197 | Administrator | Microsoft.ActiveDirectory.Management.ADPropertyValueCollection | 66048 |
TEST NAME
Unprotected OUs
Description
Some Organizational Units have not been protected from Accidental deletion. Accidental Deletion protects objects from being deleted accidentally.
Recommendation and Steps
Please ensure Accidental Deletion is configured for all OUs.
Associated Objects Per Domain/AD Forest
| AD Domain | Total Organizational Units Not Protected |
| Dynamicpacks.net | 1 |
Affected Objects
| AD Domain | Is Protected? | OU Name | OU Path |
| Dynamicpacks.net | Not Protected | Domain Controllers | OU=Domain Controllers-DC=Dynamicpacks-DC=net |
TEST NAME
Duplicate SPNs
Description
No Duplicate SPNs were found in Active Directory.
TEST NAME
Unauthenticated Servers
Description
All Servers have been changing their passwords within allowed days limit.
TEST NAME
Secrets not renewed Servers
Description
All servers have been changing their passwords within 45 days.
TEST NAME
Missing Location Text in AD Sites
Description
AD Sites do not have a description text set that defines the AD site location. In a large environment it will be difficult to identify sites or applications will fail to query AD Site description if not defined.
Recommendation and Steps
It is recommended to set a description text to identify the role of the AD Site. Some applications use AD Site Location text to get the details about the AD Sites.
Associated Objects Per Domain/AD Forest
| AD Site | Final Status | Location Text |
| Default-First-Site-Name | Please provide a description for AD Site. |
Affected Objects
| AD Site | Final Status | Location Text |
| Default-First-Site-Name | Please provide a description for AD Site. |
TEST NAME
AD Forest Schema Not upto date
Description
Forest is using UpToDate schema
TEST NAME
Found Unused Netlogon Scripts
Description
TEST NAME
Disabled GPOs
Description
No Disabled GPOs found in AD Domains.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Disabled GPOs |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
GPOs not Linked to OUs
Description
All Organizational Units have atleast one GPO defined.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | GPO Not Linked To Total Organizational Units |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
GPOs not Applying
Description
All GPO objects are applying successfully.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Applies To | GPO Name |
| Dynamicpacks.net | Authenticated Users | Default Domain Controllers Policy |
| Dynamicpacks.net | Authenticated Users | Default Domain Policy |
Affected Objects
TEST NAME
Orphaned GPO Containers
Description
No Orphaned Group Policy Objects were found.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Orphaned GPTs |
| Dynamicpacks.net | No Orphaned GPTs |
Affected Objects
TEST NAME
Found GPOs with Block Inheritance
Description
None of the Organizational Units have been configured with GPO Block Policy Inheritance settings.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total GPO Using Block Inheritance Option |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
GPO Naming Convention
Description
All GPO follow standard naming convention.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total GPOs Not Following Standard Naming Convention |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
GPO Description
Description
Some Group Policy Objects do not have a description set. While there is no direct impact on this but ensuring a description is set on GPO for identification.
Recommendation and Steps
It is recommended to set description for each GPO in domain.
Associated Objects Per Domain/AD Forest
| AD Domain | Total GPOs Without Description |
| Dynamicpacks.net | 2 |
Affected Objects
| Connected to PDC Server | Description | Final Status | GPO Name | In AD Domain |
| dc114.Dynamicpacks.net | Not Ok | Default Domain Controllers Policy | Dynamicpacks.net | |
| dc114.Dynamicpacks.net | Not Ok | Default Domain Policy | Dynamicpacks.net |
TEST NAME
Found GPO with WMI Filters
Description
No GPOs have been configured with WMI Filters.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total GPOs With WMI Filter |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Domain GPO Application Status
Description
All GPOs have been configured to apply to required objects.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total GPO Not Applied |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
No Group Policy Objects Defining Log Size and Retention
Description
Test has failed. Group Policy Objects are used to centralize enforcement of configurations and policies for domain user and computer assets. GPO's can be leveraged to define log file size and retention.
Recommendation and Steps
Create a Group Policy Object to enforce the configuration of logging on servers and endpoints. At a minimum logging should be enabled and enforced on mission critical systems.
Associated Objects Per Domain/AD Forest
| AD Domain | Log Size and Retention Configured? |
| Dynamicpacks.net | No GPO defining log size or retention |
Affected Objects
| AD Domain | Log Size and Retention Configured? |
| Dynamicpacks.net | No GPO defining log size or retention |
TEST NAME
No Group Policy Objects to Prevent Domain Admins from logging on to Workstations or Servers Found
Description
Test has failed. Group Policy Objects are used to centralize enforcement of configurations and policies for domain user and computer assets. GPO's can be leveraged to remove the ability to perform unsafe actions like logging into a workstation as a Domain Admin. These actions increase the risk and likelihood of credential theft and compromise.
Recommendation and Steps
Create a Group Policy Object to prevent Domain Admins from logging on to Workstations or Servers.
Associated Objects Per Domain/AD Forest
| AD Domain | Status |
| Dynamicpacks.net | No GPO to prevent Domain Admin Accounts from logging on to Workstations or Servers |
Affected Objects
| AD Domain | Status |
| Dynamicpacks.net | No GPO to prevent Domain Admin Accounts from logging on to Workstations or Servers |
TEST NAME
No Group Policy Objects to Block ISO Execution Found
Description
Test has failed. Group Policy Objects are used to centralize enforcement of configurations and policies for domain user and computer assets. GPO's can be leveraged to disable execution of ISO automatically.
Recommendation and Steps
Create a Group Policy Object to disable ISO execution.
Associated Objects Per Domain/AD Forest
| AD Domain | Status |
| Dynamicpacks.net | No GPO to block ISO file launch |
Affected Objects
| AD Domain | Status |
| Dynamicpacks.net | No GPO to block ISO file launch |
TEST NAME
No Group Policy Objects to Prevent Credential Caching on to Workstations or Servers Found
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
No Group Policy Objects to Mitigate SMBv1 Found
Description
Test has failed. Group Policy Objects are used to centralize enforcement of configurations and policies for domain user and computer assets. GPO's can be leveraged to disable unsafe protocols like SMBv1. While disabling or removing SMBv1 might cause some compatibility issues with old computers or software SMBv1 has significant security vulnerabilities and should not be used.
Recommendation and Steps
Create a Group Policy Object to disable SMBv1 protocols.
Associated Objects Per Domain/AD Forest
| AD Domain | Status |
| Dynamicpacks.net | No GPO to disable SMBv1 |
Affected Objects
| AD Domain | Status |
| Dynamicpacks.net | No GPO to disable SMBv1 |
TEST NAME
No Group Policy Objects Enforcing UAC Prompt for Elevation Found
Description
Test has failed. Group Policy Objects are used to centralize enforcement of configurations and policies for domain user and computer assets. GPO's can be leveraged to enforce security measures like the User Account Control (UAC) prompt to grant elevated permissions. Enforcing the use of the UAC prompt hinders an attackers ability to silently or programmatically elevate a standard users privileges to administrative permissions.
Recommendation and Steps
Create a Group Policy Object to enforce UAC prompts for all users.
Associated Objects Per Domain/AD Forest
| AD Domain | Status |
| Dynamicpacks.net | No GPO found enforcing UAC prompt for elevation |
Affected Objects
| AD Domain | Status |
| Dynamicpacks.net | No GPO found enforcing UAC prompt for elevation |
TEST NAME
No Group Policy Objects to Mitigate Accidental Script Execution
Description
Test has failed. Groups Policy Objects are used to centralize enforcement of configurations and policies for domain user and computer assets. GPO's can be leveraged to replace the default file associations with a program of your choice. Replacing the default file association of JavaScript (.js) file extensions to a program like notepad will mitigate the risk associated with automated or inadvertent file execution. The following extensions are evaluated
Recommendation and Steps
Create a Group Policy Object to replace the default file association for JavaScript file extensions.
Associated Objects Per Domain/AD Forest
| AD Domain | Status |
| Dynamicpacks.net | No GPO to block accidental execution of js jse cjs mjs iced liticed iced.md cs coffee litcoffee coffee.md ts tsx ls es6 es jsx sjs eg |
Affected Objects
| AD Domain | Status |
| Dynamicpacks.net | No GPO to block accidental execution of js jse cjs mjs iced liticed iced.md cs coffee litcoffee coffee.md ts tsx ls es6 es jsx sjs eg |
TEST NAME
No Group Policy Objects to Mitigate NTLMv1 Protocol
Description
Test has failed. NTLMv1 is a legacy authentication protocol with weak encryption that allows attackers to easily retrieve credentials from the network and perform NTLM Relay attacks.
Recommendation and Steps
Create a Group Policy Object to disable NTLMv1 protocols. Additionally, disabling these protocols in a Golden Image is recommended.
Associated Objects Per Domain/AD Forest
| AD Domain | Status |
| Dynamicpacks.net | No GPO to disable or audit NTLMv1 |
Affected Objects
| AD Domain | Status |
| Dynamicpacks.net | No GPO to disable or audit NTLMv1 |
TEST NAME
No Group Policy Objects for Preventing passwords using reversible encryption
Description
TEST NAME
GPO Preferences Containing Passwords
Description
TEST NAME
Too many DNS Static Records
Description
No DNS Static Records were found in Domain Zones.
TEST NAME
DNS Round-Robin Not Enabled
Description
All DNS Servers have DNS Round Robin Enabled.
TEST NAME
Conditional Forwarders Not Working
Description
DNS Servers do not host any Conditional Forwarders.
TEST NAME
High Value Targets Found
Description
Test has failed. Members of Administrative groups have elevated privileges in an Active Directory environment. Compromise of these accounts allows attackers to control various aspects of the domain up to and including a complete domain takeover.
Recommendation and Steps
Review members of these Administrative groups and ensure that they do require these rights. Proper delegation of rights to non-default Security Groups offers greater security for the domain. Consider using a Privileged Access Management (PAM) tool and Just in Time (JIT) Administration utilities.
Associated Objects Per Domain/AD Forest
| AD Domain | Total HVT |
| Dynamicpacks.net | 2 |
Affected Objects
| AD Domain | Value |
| Dynamicpacks.net | Guest is a member of Guests |
| Dynamicpacks.net | Administrator is a member of Administrators |
TEST NAME
Accounts with Extended Rights to Read LAPS Passwords Found
Description
Test has failed. Accounts in an Active Directory with extended or overly permissive rights to OU's and Computers may be granted unintentional permissions to read modify or administer the Local Admin Password Solution (LAPS) on domain objects.
Recommendation and Steps
Identified accounts should be reviewed to ensure that they are supposed to have the rights to view read or modify LAPS password information. Auditing of LAPS access can be configured by running the PowerShell commands.
Associated Objects Per Domain/AD Forest
| AD Domain | Status |
| Dynamicpacks.net | LAPS Module not installed |
Affected Objects
TEST NAME
Access Control Lists on Computers Found
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Abusable ACLs |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Access Control Lists on Security Groups Found
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| Abusable ACLs on Group Objects | AD Domain |
| 0 | Dynamicpacks.net |
Affected Objects
TEST NAME
Access Control Lists on Users Found
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| Abusable ACLs on User Objects | AD Domain |
| 0 | Dynamicpacks.net |
Affected Objects
TEST NAME
Group Policy Objects with Improper Permissions Found
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| Abusable GPO Permissions Found? | AD Domain |
| No | Dynamicpacks.net |
Affected Objects
TEST NAME
Group Policy Object Assignments with Improper Permissions Found
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Found Improper GPO Permissions? |
| Dynamicpacks.net | No |
Affected Objects
TEST NAME
Dangerous Permissions Found on MicrosoftDNS Container
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Found Abusable Permissions on MicrosoftDNS Container? |
| Dynamicpacks.net | No |
Affected Objects
TEST NAME
Dangerous Permissions Found on Naming Contexts
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Pre-Windows 2000 Compatible Access Group is not empty
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Is Pre-Windows 2000 Compatible Access Group Empty? |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Found Groups with SID history Set
Description
Test has passed.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Groups Containing SID History |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Normal Users Full Control Permissions on OUs
Description
No Organizational Units have Full Control for any account configured.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Normal Users with Full Control On OUs |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
EVERYONE Full Control Permissions on OUs
Description
No Organizational Units have Full Control for Everyone configured.
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | Total Organizational Units With EVERYONE Full Control Permission |
| Dynamicpacks.net | 0 |
Affected Objects
TEST NAME
Abusable Permissions Found on SYSVOL and NETLOGON
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| Access Type | AD Domain | Allow/Deny | Identity | ShareType |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | BUILTIN\Server Operators | NETLOGON |
| ReadAndExecute | Dynamicpacks.net | Synchronize | BUILTIN\Server Operators | NETLOGON |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | BUILTIN\Administrators | NETLOGON |
| FullControl (Sub Only) | Dynamicpacks.net | Allow | BUILTIN\Administrators | NETLOGON |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | NT AUTHORITY\SYSTEM | NETLOGON |
| FullControl (Sub Only) | Dynamicpacks.net | Allow | NT AUTHORITY\SYSTEM | NETLOGON |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | NT AUTHORITY\Authenticated Users | NETLOGON |
| ReadAndExecute | Dynamicpacks.net | Synchronize | NT AUTHORITY\Authenticated Users | NETLOGON |
| FullControl (Sub Only) | Dynamicpacks.net | Allow | CREATOR OWNER | NETLOGON |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | BUILTIN\Server Operators | SYSVOL |
| -1610612736 | Dynamicpacks.net | Allow | BUILTIN\Server Operators | SYSVOL |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | BUILTIN\Administrators | SYSVOL |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | BUILTIN\Administrators | SYSVOL |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | NT AUTHORITY\SYSTEM | SYSVOL |
| FullControl (Sub Only) | Dynamicpacks.net | Allow | NT AUTHORITY\SYSTEM | SYSVOL |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | NT AUTHORITY\Authenticated Users | SYSVOL |
| -1610612736 | Dynamicpacks.net | Allow | NT AUTHORITY\Authenticated Users | SYSVOL |
| ReadAndExecuteExtended | Dynamicpacks.net | Allow | CREATOR OWNER | SYSVOL |
Affected Objects
TEST NAME
LAPS SearchFlag modified
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Forest | Final Status | LAPS SearchFlag Permissions |
| DynamicPacks.net | NOT OK - Doesn't contain fCONFIDENTIAL |
Affected Objects
| AD Forest | Final Status | LAPS SearchFlag Permissions |
| DynamicPacks.net | NOT OK - Doesn't contain fCONFIDENTIAL |
TEST NAME
Unauthorized Users having GPLink Rights on Domain NC
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | GPLink Write Found on Domain NC by unauthorized users? |
| Dynamicpacks.net | Not Found |
Affected Objects
TEST NAME
Unauthorized Users having GPLink Rights on Domain Controllers OU
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Domain | GPLink Write Found on Domain Controllers OU by unauthorized users? |
| Dynamicpacks.net | Not Found |
Affected Objects
TEST NAME
Unauthorized Users having GPLink Rights on AD Sites
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
| AD Forest | GPLink Write Found on AD Sites by unauthorized users? |
| DynamicPacks.net | Not Found |
Affected Objects
TEST NAME
Ensure On-Prem AD Users are not Privileged Users in Azure Entra ID
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure Azure Administrative Units are used
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure Azure Guests cannot invite other Guests
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure privileged accounts have MFA Configured
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure non-Admins cannot register custom applications
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure no Guest Accounts in Azure Privileged groups
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure Security Defaults is enabled
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure Conditional Access Policy with signin user-risk location as Factor
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure no Guest accounts that are inactive for more than 45 days
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Conditional Access policy with Continuous Access Evaluation disabled
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
AAD Connect sync account password reset
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure Guest users are restricted
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure user are configured with MFA
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Conditional Access Policy that disables admin token persistence
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Conditional Access Policy that does not require a password change from high risk users
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Conditional Access Policy that does not require MFA when sign-in risk has been identified
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure Guest invites not accepted in last 30 days are identified
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure Synced AAD Users not privileged Users in Azure
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure No Private IP Addresses in Conditional Access policies
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure Number Matching enabled in MFA
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure AD privileged users are not synced to AAD
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure no more than 5 Global Administrators
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure SSO computer account with latest password
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
TEST NAME
Ensure RBCD is not applied to AZUREADSSOACC account
Description
Recommendation and Steps
Associated Objects Per Domain/AD Forest
Affected Objects
SmartProfiler scoring method is determined by using following formulas:
As you can see in below score for Sensitive Changes category. There are seven tests in Sensitive Changes category and only FIVE out of seven have been passed.
Show overall score for tests executed in Sensitive Changes and make sure Sensitive Objects in AD are not modified.
SENSITIVE CHANGES SCORE
Show overall score for tests executed in Sensitive Changes and make sure Sensitive Objects in AD are not modified.
SENSITIVE CHANGES SCORE