Windows 11 is the newest and generally most secure operating system in the Windows family. In the newest iteration of Windows, there are default account lockout policies that exist to mitigate RDP and other brute force password vectors. Why... Read More
Active Directory - Technical
Categories
PowerShell scripts to force password change for all users after a security incident
There’s plenty to do in the aftermath of your organization suffering a security incident. Anything that can make your job quicker without compromised security is a bonus. After a confirmed or even suspected security breach, it’s often advised to... Read More
How to delegate password reset permissions in Active Directory
Least privilege access is a crucial part of security that protects against overprovisioning user permissions. Even with IT technicians, and junior administrators, this needs to be considered when configuring permissions in the environment. A case in point is helpdesk... Read More
Analyzing TCP port 21 FTP vulnerabilities
Port 21 is the gateway through which File Transfer Protocol (FTP) clients and servers communicate. It’s used to send commands and receive responses, making it a critical component of the FTP process. However, this same port is also a... Read More
Open ports and their vulnerabilities
One of the age-old tenets of good network security is only open network ports that are necessary and make sure you have protection around any port open to the outside world to avoid open port vulnerabilities. Open ports provide... Read More
How to set ‘User must change password at next logon’ flags in Active Directory
The User must change password at next logon setting can be flagged in a couple of different scenarios in Active Directory, including when a user account password has expired, or when an administrator manually sets the flag on an account. This setting is a... Read More
How to check if an Active Directory account is locked out
You might want to check if an Active Directory account is locked out to ensure that users can access necessary resources, to troubleshoot login issues, and to maintain security by identifying potential brute-force attack attempts. Being able to quickly... Read More
Hybrid Entra ID (formerly Azure AD) environments and third-party password tools
Can we leverage third-party password tools like Specops Password Policy in hybrid Azure AD environments? The answer is yes, and this blog will explain how. Read More
How to change the Active Directory password hash method
Passwords are generally associated with all aspects of securing technology systems. In most environments, passwords are secured using a password hash. Password hashes can impact how vulnerable an organization’s passwords are to an attacker, or in a data leak that... Read More
How to unlock active directory account lockouts
There is no question that one of the most common tasks that helpdesk and IT admins carry out on a daily basis is user account management. Specifically, triaging user account issues like unlocking active directory accounts in an Active... Read More