By default, IPv6 has been enabled and preferred over IPv4 since Windows Vista (this also includes all server variations). From a cybersecurity point of view, it is recommended to disable IPv6 if you are not using it, as it can be abused by an attacker to redirect traffic to a malicious DNS server. This can…
Category: Cybersecurity
Disable Link-Local Multicast Name Resolution (LLMNR) via Group Policy
The LLMNR protocol is usually enabled on all Windows systems and it’s the successor to NetBIOS. Both protocols are susceptible to spoofing and MITM attacks. Follow the steps below to disable LLMNR via Group Policy (GPO): Follow the steps below to disable mDNS via GPO by using the predefined firewall rules (Inbound and Outbound) to block this…
How to reset the Directory Services Restore Mode administrator account password in Windows Server
It’s a good practice to have a unique Directory Services Restore Mode (DSRM) password for each Domain Controller (DC) in your environment and to reset it at least every six months. This password is first set when a member server is promoted to a Domain Controller. The DSRM password acts as the local admin password on Domain…
Roll over the Kerberos decryption key of the “AZUREADSSO” computer account
It is very important to regularly (every 30 days) roll over the Kerberos key for the AZUREADSSO computer account. This account represents your Azure AD in your on-prem AD. Permissions needed to perform this operation – on-prem Domain Administrator (DA) and Azure AD Global Administrator (GA). Assuming your environment consists of a single AD forest: