If you end up with a computer that needs its domain-applied GPOs cleared (i.e. the computer has been removed from the domain, or settings applied via GPO are blocking all communication with the domain controllers and new settings can’t be obtained), follow the steps below. Note – modifying the registry is…
Category: Active Directory
Disable IPv6 to prevent DNS spoofing
By default, IPv6 has been enabled and preferred over IPv4 since Windows Vista (this also includes all server variations). From a cybersecurity point of view, it is recommended to disable IPv6 if you are not using it, as it can be abused by an attacker to redirect traffic to a malicious DNS server. This can…
Disable Link-Local Multicast Name Resolution (LLMNR) via Group Policy
The LLMNR protocol is usually enabled on all Windows systems and it’s the successor to NetBIOS. Both protocols are susceptible to spoofing and MITM attacks. Follow the steps below to disable LLMNR via Group Policy (GPO): Follow the steps below to disable mDNS via GPO by using the predefined firewall rules (Inbound and Outbound) to block this…
How to reset the Directory Services Restore Mode administrator account password in Windows Server
It’s good practice to have a unique Directory Services Restore Mode (DSRM) password for each Domain Controller (DC) in your environment and to reset it at least every six months. This password is first set when a member server is promoted to a Domain Controller. The DSRM password acts as the local admin password on Domain…