Active Directory has several levels of administration beyond the Domain Admins group. In a previous post, I explored: “Securing Domain Controllers to Improve Active Directory Security” which explores ways to better secure Domain Controllers and by extension, Active Directory. For more information on Active Directory specific rights and permission review my post “Scanning for Active …
Tag: Print Operators
Aug 10 2017
Beyond Domain Admins – Domain Controller & AD Administration
- Active Directory Admins, Active Directory groups, Active Directory Security, ActiveDirectory, AD Administrators, AD Admins, AD Security, allow log on locally, Back-up files & directories, Backup Operators, Builtin, DC rights, DCSync, Default AD groups, Default Domain Controller Policy, domain Administrators group, Domain Admins, Domain Controller, Domain Controller groups, Domain Controller rights, Enable computer and user accounts to be trusted for delegation, Force shutdown from a remote system, Get-ADGroupMember, Log on as a batch job, Log on as a service, Manage auditing and security log, Print Operators, Remote Desktop users, Restore files & directories, Schema Admins, Server Operators, Synchronize directory service data
- 1 comment
Jun 14 2017
Scanning for Active Directory Privileges & Privileged Accounts
Active Directory Recon is the new hotness since attackers, Red Teamers, and penetration testers have realized that control of Active Directory provides power over the organization. I covered ways to enumerate permissions in AD using PowerView (written by Will @harmj0y) during my Black Hat & DEF CON talks in 2016 from both a Blue Team …
- Account Operators, Active Directory permissions, Active Directory PRivileged Access, Active Directory Security, AD, AD ACLs, AD Delegation, AD groups in Local Groups, AD Security, AdminSDHolder, Allow logon locally, Allow logon over Remote Desktop Services, Backup Operators, Bloodhound, Create GPO rights, CreateChild, DCSync, DeleteChild, Domain Admins, Enable computer and user accounts to be trusted for delegation, Enterprise Admins, Extended Right, Full Control, GenericAll, GenericWrite, GPO, Greoup Policy Delegation, Group Membership, Group Policy Object, Group Policy Permission, Impersonate a client after authentication, Link GPO rights, Manage auditing and security log, Manage Group Policy link, PowerView, Print Operators, Replicating Directory Changes All, Restricted Groups, S-1-5--512, S-1-5--517, S-1-5--520, S-1-5-21--1102, S-1-5-21--519, S-1-5-21--525, S-1-5-21--571, S-1-5-32--574, S-1-5-32-544, S-1-5-32-548, S-1-5-32-550, S-1-5-32-551, S-1-5-32-554, S-1-5-32-562, S-1-5-32-573, S-1-5-32-578, SACL, Schema Admins, SDDL, SDProp, Self, SeMachineAccountPrivilege, SeNetworkLogonRight, SeTcbPrivilege, SeTrustedCredManAccessPrivilege, SIDHistory, Synchronize directory service data, User Rights Assignments, Validated Write, WriteDACL, WriteOwner, WritePRoperty
- 2 comments
Recent Posts
- Attacking Active Directory Group Managed Service Accounts (GMSAs)
- From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path
- What is Azure Active Directory?
- Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud
- AD Reading: Windows Server 2019 Active Directory Features
Trimarc Active Directory Security Services
Have concerns about your Active Directory environment?
Trimarc helps enterprises improve their security posture.
Find out how... TrimarcSecurity.com
Popular Posts
- PowerShell Encoding & Decoding (Base64)
- Attack Methods for Gaining Domain Admin Rights in…
- Kerberos & KRBTGT: Active Directory’s…
- Finding Passwords in SYSVOL & Exploiting Group…
- Securing Domain Controllers to Improve Active…
- Securing Windows Workstations: Developing a Secure Baseline
- Mimikatz DCSync Usage, Exploitation, and Detection
- Detecting Kerberoasting Activity
- Scanning for Active Directory Privileges &…
- The Most Common Active Directory Security Issues and…
Categories
- ActiveDirectorySecurity
- Apple Security
- Cloud Security
- Continuing Education
- Entertainment
- Exploit
- Hacking
- Hardware Security
- Hypervisor Security
- Linux/Unix Security
- Malware
- Microsoft Security
- Mitigation
- Network/System Security
- PowerShell
- RealWorld
- Security
- Security Conference Presentation/Video
- Security Recommendation
- Technical Article
- Technical Reading
- Technical Reference
- TheCloud
- Vulnerability
Tags
ActiveDirectory
Active Directory
ActiveDirectoryAttack
ActiveDirectorySecurity
Active Directory Security
ADReading
ADSecurity
AD Security
DCSync
DEFCON
DomainController
EMET5
GoldenTicket
HyperV
Invoke-Mimikatz
KB3011780
KDC
Kerberos
KerberosHacking
KRBTGT
LAPS
LSASS
MCM
MicrosoftEMET
MicrosoftWindows
mimikatz
MS14068
PassTheHash
PowerShell
PowerShellCode
PowerShellHacking
PowerShellv5
PowerSploit
Presentation
Security
SIDHistory
SilverTicket
SneakyADPersistence
SPN
TGS
TGT
Windows10
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2