Active Directory has several levels of administration beyond the Domain Admins group. In a previous post, I explored: “Securing Domain Controllers to Improve Active Directory Security” which explores ways to better secure Domain Controllers and by extension, Active Directory. For more information on Active Directory specific rights and permission review my post “Scanning for Active …
Tag: Restore files & directories
Aug 10
Beyond Domain Admins – Domain Controller & AD Administration
- Active Directory Admins, Active Directory groups, Active Directory Security, ActiveDirectory, AD Administrators, AD Admins, AD Security, allow log on locally, Back-up files & directories, Backup Operators, Builtin, DC rights, DCSync, Default AD groups, Default Domain Controller Policy, domain Administrators group, Domain Admins, Domain Controller, Domain Controller groups, Domain Controller rights, Enable computer and user accounts to be trusted for delegation, Force shutdown from a remote system, Get-ADGroupMember, Log on as a batch job, Log on as a service, Manage auditing and security log, Print Operators, Remote Desktop users, Restore files & directories, Schema Admins, Server Operators, Synchronize directory service data
- 1 comment
Recent Posts
- Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory
- Securing Microsoft Active Directory Federation Server (ADFS)
- Gathering AD Data with the Active Directory PowerShell Module
- Beyond Domain Admins – Domain Controller & AD Administration
- Scanning for Active Directory Privileges & Privileged Accounts
Trimarc Active Directory Security Services
Have concerns about your Active Directory environment?
Trimarc helps enterprises improve their security posture.
Find out how... TrimarcSecurity.com
Popular Posts
- Attack Methods for Gaining Domain Admin Rights in…
- PowerShell Encoding & Decoding (Base64)
- Securing Windows Workstations: Developing a Secure Baseline
- The Most Common Active Directory Security Issues and…
- Building an Effective Active Directory Lab…
- Detecting Offensive PowerShell Attack Tools
- Securing Domain Controllers to Improve Active…
- Microsoft Local Administrator Password Solution (LAPS)
- Finding Passwords in SYSVOL & Exploiting Group…
- PowerShell Version 5 is Available for Download (again)
Categories
- ActiveDirectorySecurity
- Apple Security
- Cloud Security
- Continuing Education
- Entertainment
- Exploit
- Hacking
- Hardware Security
- Hypervisor Security
- Linux/Unix Security
- Malware
- Microsoft Security
- Mitigation
- Network/System Security
- PowerShell
- RealWorld
- Security
- Security Conference Presentation/Video
- Security Recommendation
- Technical Article
- Technical Reading
- Technical Reference
- TheCloud
- Vulnerability
Tags
Active Directory
ActiveDirectory
ActiveDirectoryAttack
ActiveDirectorySecurity
Active Directory Security
ADReading
ADSecurity
DCSync
DEFCON
DomainController
EMET5
GoldenTicket
HyperV
Invoke-Mimikatz
KB3011780
KDC
Kerberos
KerberosHacking
KRBTGT
LAPS
LSASS
MCM
MicrosoftEMET
MicrosoftWindows
mimikatz
MS14068
PassTheHash
PowerShell
PowerShellCode
PowerShellHacking
PowerShellv5
PowerSploit
Presentation
Security
SIDHistory
SilverTicket
SneakyADPersistence
SYSVOL
TGS
TGT
Windows7
Windows10
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2