Professional Documents
Culture Documents
Castle
Castle
Castle
Assessment for
Active Directory
2
Ping Castle Security Assessment for Active Directory
The use of “PingCastle Basic Edition” (free version) will allow us to audit our systems but without getting any support
including bug fixing activities. All remediation activities / Bug fixing are conducted internally.
3
Ping Castle Security Assessment for Active Directory
Mitigated Golden
Ticket attack
Implemented the
EU
LAPS tool
Cleared the Admin
Count attribute
Disabled the spooler
service
LA
6
Ping Castle Security Assessment for Active Directory
Removed flag
"PASSWD_NOTREQD"
from "useraccountcontrol"
EU
attribute for AD Accounts.
Corrected the primary
group for the users
Why it is increased
• In the latest report OS win7
and 2008 has been added
• Due to Covid the computer
cleanup has been stopped
LA
9
Ping Castle Security Assessment for Active Directory
Next Steps
What are the next steps to ensure security is maintained in the AD Domain?
Designing a tiering model to protect Domain Services (AD DS)
(Proactive Operations Program: Privileged Access Workstations)
Azure Active Directory: Recovery Execution Service
Implementation of OnDemand Assessment for Active Directory Security is currently ongoing
Stale Object Clean-up activities initiated for Server and Clients (Windows 7 / Windows 2003/2008)
Team will incorporate in their operational activities the PingCastle Health check analysis, ODA AD and ODA
AD Security which will be executed every 6 months