{"id":328,"date":"2019-07-01T21:11:56","date_gmt":"2019-07-01T21:11:56","guid":{"rendered":"http:\/\/certcent.io\/?p=328"},"modified":"2019-07-01T21:11:56","modified_gmt":"2019-07-01T21:11:56","slug":"common-corporate-active-directory-mistakes","status":"publish","type":"post","link":"https:\/\/certcent.io\/index.php\/2019\/07\/01\/common-corporate-active-directory-mistakes\/","title":{"rendered":"Common Corporate Active Directory Mistakes."},"content":{"rendered":"<p><strong>1. Giving managers or the owner administrative access to your domain.<\/strong><br \/>\nThis might sound like a good idea, but unless the owner of the company manages users and has a solid background in security, limit the users that have this access to only a few IT professionals.<br \/>\n<strong>2. Leaving SMB 1 enabled on your file server.<\/strong><br \/>\nThis is the default behavior for Windows Server 2016 and below. Disable SMB 1 to prevent widely known security exploits.<br \/>\nhttps:\/\/support.microsoft.com\/en-us\/help\/2696547\/detect-enable-disable-smbv1-smbv2-smbv3-in-windows-and-windows-server<br \/>\nIf you need version 1 for backwards compatibility, I would suggest using a method like SFTP to access these files on your server.<br \/>\n<strong>3. Leaving NTLM v1 authentication on.<\/strong><br \/>\nDisable NTLM v1 and LANMAN authentication. You can help identify machines connecting to your server with NTLM v1 by running: Get-EventLog -LogName Security -InstanceID 4624 -Newest 1000 | findstr V1<br \/>\nhttps:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/security-policy-settings\/network-security-restrict-ntlm-ntlm-authentication-in-this-domain<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. Giving managers or the owner administrative access to your domain. 
This might sound like a good idea, but unless the owner of the company manages users and has a solid background in security, limit the users that can make these changes to only a few IT professionals. 2. Leaving SMB 1 enabled on your&hellip; <a class=\"more-link\" href=\"https:\/\/certcent.io\/index.php\/2019\/07\/01\/common-corporate-active-directory-mistakes\/\">Continue reading <span class=\"screen-reader-text\">Common Corporate Active Directory Mistakes.<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/328"}],"collection":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/comments?post=328"}],"version-history":[{"count":0,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/328\/revisions"}],"wp:attachment":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/media?parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/categories?post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/tags?post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}