How to secure Active Directory accounts

 

 

Managing service accounts and service account passwords can become overwhelming even in small environments running a large number of Windows Services controlling business-critical applications.

Insecure practices in dealing with service accounts, such as passwords that do not expire and identical passwords, can create security risks. 

Authentication and password security is more important than ever. This tool audit scans your Active Directory and identifies password-related vulnerabilities. The collected information generates multiple interactive reports containing user and password policy information. Specops Password Auditor is a read-only program.

Specops Password Auditor is a great free tool that helps to gain visibility into Active Directory account security issues in the environment. It can help quickly identify accounts, including service accounts, that may have the password set not to expire flag and configured with identical passwords.

Specops Password Auditor scans your Active Directory and detects security related weaknesses, specifically related to password settings. The collected information is used to display multiple interactive reports containing user and password policy information. The reports include a summary of accounts using leaked passwords, comparisons of the password settings in your organization with industry standards and best practices according to multiple official standards.

Specops Password Auditor will only read information from Active Directory, it will not make any changes. It will read the Default Domain Password Policy, any Fine-Grained Password Policies, as well as any Specops Password Policies (if installed).

Note:
To be able to read Fine-Grained Password Policies, and the password hashes for the Breached Password Protection, Identical Passwords or Blank Password reports, you will need domain administrator privileges in Active Directory.

The following user account attributes will also be read:

    pwdLastSet
    userAccountControl
    lastLogonTimestamp 

Reports 

The following is a list of reports you can view/export from Specops Password Auditor tool.

• Breached Passwords

Use this report to identify user accounts with passwords that are known to be leaked. The accounts in this list should be prompted to change their password.

Note: The Breached Passwords report does not use clear text passwords. The MD4 hashes of the leaked passwords is compared to the hashes of the passwords from the domain. The hashes are not stored, they are read and kept in memory by Specops Password Auditor.

• Identical Passwords

Use this report to identify groups of user accounts that have the same password. Admin users who use the same password for their normal user accounts and their admin accounts increase their attack surface. The accounts in this list should be prompted to change their password.

• Blank Passwords

Use this report to identify user accounts with blank passwords. These accounts are affected by a policy without a password requirement.

• Admin Accounts

Use this report to identify whether admin privileges are used appropriately (granted to users performing tasks that span across Active Directory domains, or activities that require elevated permissions). Delete unnecessary admin accounts and consider a delegated Active Directory security model to follow best practice.

• Stale Admin Accounts

Use this report to audit unused accounts. Dormant accounts should be deleted as they can be leveraged by attackers to access resources without being noticed.

• Password Not Required

Use this report to identify user accounts with the control flag for not requiring a password, or those affected by a password policy without a minimum password length. The accounts in this list indicate serious security holes within your organization.

• Expiring Passwords

Use this report to keep track of password expiration. Anticipating the expiration with a contingency plan can be effective for curbing password reset calls.

• Password never expires

Use this report to keep track of accounts that have their passwords set to never expire. These can be more vulnerable to attack if the user is reusing this password elsewhere.

• Expired Passwords

Use this report to identify user accounts with expired passwords. Password that have been expired for an extended period of time can indicate a stale account.

• Password Policies

Use this report for an overview of your password policies including change interval, dictionary enforcement, as well as relative strength.

            *The following settings are used to determine the maximum strength.

               Minimum length= 16 characters
               At least one of each of the following:
                Lower
                Upper
                Digit
                Special Character

Any policy with as strong, or stronger settings will be displayed as having “maximum” strength.

• Password Policy Usage

Use this report for a graphical overview of users affected by each password policy.

• Password Policy Compliance

Use this report to measure your password policies against industry and compliance recommendations. 

 

Download link - https://specopssoft.com/product/specops-password-auditor/?utm_source=Petri&amp%3Butm_medium=Email&amp%3Butm_campaign=Petri%20SPA%20promo&_hsenc=p2ANqtz-9cOS1s1j1U4NecZ65SxW9zKcT3mu0sbvTtM1rjI9ajG_enrT_f7HRozFZ30-HJqLGlCRAKTaXenr2pua80dHIB7tqiWA

 

 

Windows 11: How to Enable the Classic Start Menu

If you prefer the ‘classic’ Windows 10 Start menu, or if you want Live Tiles back, then Windows 11 gives you the option to revert to the Windows 10 Start menu. Microsoft could remove the ability to switch back to the Windows 10 Start menu in Windows 11. But I expect to appease enterprise users, the setting will remain and that it will also be available to configure in Group Policy. At the time of writing, it’s only possible to switch to the classic start menu by adding a value to the registry.

 

Windows 11 Start menu provides a phone-like experience and cleaner look

But before you rush to change back to the classic Start menu, consider using the new Start menu for a few weeks. In our opinion, it’s a big improvement over the Windows 10 Start menu, which evolved into a bit of a mess. The new Start menu in Windows 11 provides a cleaner experience, disposing of Live Tiles and replacing them with application icons. The app icons can be moved around and arranged as you like, much like you can do on iOS and Android. The icons are arranged in pages, similar to iOS, for a more ‘phone-like’ look and experience.

 

Live Tiles are no great loss because developers didn’t support them. And even Microsoft’s own applications made limited use of Live Tiles. As there was little interest in the feature, Microsoft never invested further in its development.

The ‘Recommended’ section at the bottom of the new Start menu lets you see docs that you’ve been accessing recently, whether locally or from the cloud. The timeline from Task View is gone in Windows 11, but the ‘Recommended’ section on the new Start menu more than makes up for its removal.

Instead of needing to click three times to power down or put a device to sleep, you just need two clicks on the Windows 11 Start menu. Similarly, to sign out or lock a device also requires just two clicks. ‘All apps’ is now tucked away in the top right corner. But you can still type on the Start menu to search for apps and documents. 

 

How to Switch back to the classic Windows 10 Start menu

But if you have decided that the new Start menu is not for you, you can add a value to the registry and go back to the Windows 10 experience.

• Open the Windows 11 Start menu by clicking the Windows key on the taskbar.
• Type regedit and then click Registry Editor in the search results.
• Click Yes in the User Account Control dialog to give Registry Editor permission to run.
• In the Registry Editor application in the left pane, expand HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Explorer > Advanced.

• Make sure the Advanced key is selected on the right.
• In the right pane of Registry Editor, right click some white space and select New > DWORD (32-bit) Value.
• A new value will appear. In the box, type Start_ShowClassicMode.
• Double click Start_ShowClassicMode.
• In the Edit DWORD dialog box, type 1 in the Value data field and click OK.
• Now close the Registry Editor application.
• Open the Start menu, click your username at the bottom of the menu, and click Sign out.
• Sign into Windows again with the user account you just signed out from. The registry change is per user, so you need to sign back into Windows using the account where you added the Start_ShowClassicMode registry value.
  

It may take a minute or so before your user account is switched to the classic Windows 10 Start menu.

 

If you want to use the Windows 11 Start menu again at any point, just delete the Start_ShowClassicMode value from the registry, sign out, and when you sign back into Windows, you will have a restored Windows 11 Start menu experience.

 

Windows 11, What's new in Microsoft release first build.

 

 

Well wait is over for the Windows fans have been waiting for, the first build of Windows 11 is now available to download. While not every new feature is in this release, there are many that are included – don’t forget to check your device compatibility before downloading the update too.

To get started, Microsoft requires that you join the Insider program as that’s where this first release is being distributed. To get the latest release, you will need to be in the Dev channel but builds will eventually move to the Beta channel.

Microsoft has also indicated that they will eventually release ISOs for direct, clean installs, but that download is not available today.

Here’s what’s new in Build 22000.51 that is now rolling out to Windows Insiders:

Windows 11 has a new Start menu design that is centered.

 

In this release, the new Start menu and centered Taskbar icon experience is included. This is one of the biggest updates to the OS but also feels familiar at the same time.

Windows 11 context menus now match theme of the OS.

 

Also included in this release are new context menus that look significantly better than what is available today in Windows 10. You can right-click on the Taskbar to open these items and see the new UI.

Windows 11 action center update with new UI.

 

Microsoft has overhauled the notification center and quick settings in this release. There are the new flyouts with updated designs including rounded corners.

Windows 11 quick settings overhauled.

 

The quick setting controls are easier to understand and have workflows that are more in line with expectations for tapping on icons for toggling the features on and off; easy access sliders provide fine-grained controls for volume and brightness.

First look at the new Windows 11 File Explorer

 

While Microsoft did not show off the new File Explorer at the Windows 11 event, we now have our first look at the updated UI. Featuring a compact ribbon, the UI uses the same icons in Windows 10 21H1 but the interface has been refined.

Windows 11 themes can now be quickly switched.

 

If you are a fan of themes, then this build is for you; changing themes across the entire UI of Windows 11 is now much easier with a single click.

Windows 11 widgets let you customize your feed.

 

Along with the Start menu, Widgets are one of the bigger updates coming to Windows 11 and in this release, Microsoft is pushing out the first iteration of the experience.

The news feed in the widget area will be personalized to your specifications and you can also find weather and traffic information as well.

Windows 11 snap groups make it easier to keep apps together.

 

Snap layouts and Snap groups are new productivity-focused features that make it easier to snap apps to a pre-defined percentage of your display. Snap groups are exactly as the name sounds, it keeps multiple windows snapped together in a group to easily re-launch to a group of applications.

The new Windows 11 store will also come to Windows 10.

 

Microsoft has overhauled the Windows store and in this release, we get our first sample of the updated interface. While the UI is new, this release does not include the ability to install Android apps, which will be coming in a later release.

Windows 11 settings have been overhauled.

 

The settings panel in Windows 11 has also been overhauled. In this release, we get our first look at the updated UI that features faster “quick action” items, new icons, more whitespace, and overall, a theme that matches the rest of Windows 11.

Windows 11 settings make it faster to do common tasks.

 

As an example, Bluetooth settings have been updated to make it much easier to connect or disconnect a device from your PC.

Updated Windows 11 settings makes connecting/disconnecting easier.

 

Another good example is the network connectivity toggles. The layout of all your connection settings is easier to see in one view and displayed in a way that should make connecting or unplugging from the Internet easier.

One other feature coming to Windows for the first time with this release is support for Wi-Fi 6E. This new connectivity standard opens up more bandwidth for connections in your home (or workplace) and is now supported natively in Windows 11.

These are the major updates that are coming to the first build of Windows 11 that is now available. You can download the update via Windows update if you are an Insider but you should not install this release on a device used in a production environment. Also make sure to keep an eye on the Known Issues log as it’s quite extensive.