Tag: Security

Active Directory Security Assessment with Purple Knight

Run Semperis Purple Knight Community against an Active Directory forest to surface Indicators of Exposure (weak crypto, print spooler on DCs, AdminSDHolder drift, kerberoastable accounts, etc.) and produce a graded HTML/PDF report. Walks through the download, the MotW Unblock-File pre-flight, the wizard's six indicator categories (AD Delegation, Account Security, AD Infra, Group Policy, Kerberos, Hybrid), the Zerologon-skip nuance, the score-grade scale, the remediation-then-rescan loop, and the common pitfalls (running as DA, running on a DC, skipping updates, mass-fixing without reading).

Secure Active Directory Passwords from Breaches

Audit and harden Active Directory against breached passwords using Lithnet Password Protection and the Have I Been Pwned compromised hash list. Covers installing Lithnet PP on a Domain Controller, syncing the HIBP store, running the Audit-Passwords.ps1 script to find pwned accounts, and configuring the GPO that rejects new pwned passwords on every set/change.

Implement Domain Name System Security Extension (DNSSEC)

Learn how to implement DNSSEC on Windows Server to protect against man-in-the-middle DNS attacks. This step-by-step guide covers the Zone Signing Wizard, configuring Key Signing Keys (KSK) and Zone Signing Keys (ZSK) with RSA-SHA-256, enabling NSEC3 and Trust Anchor distribution, verifying the padlock icon, and best practices for key rotation and monitoring.

Enable Active Directory Auditing

Learn how to configure Active Directory auditing via Group Policy on Windows Server 2008 R2 and later. Track account changes, directory service modifications, and policy updates across all domain controllers.