Sunday, October 25, 2015

Pass the hash security templates

If you haven't done so already and want some quick wins for a Windows 8.1 or Windows 7 environment, head over here to download the Windows 8.1 security baseline zip file and extract the contents.

http://blogs.technet.com/b/secguide/archive/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final.aspx

After extracting, navigate to the following folder. (I extracted the contents to C:\temp.)

C:\temp\Desktop\Win81-WS2012R2-IE11-Baselines-FINAL\Win81-WS2012R2-IE11-Baselines\Administrative Template\PolicyDefinitions

Copy pth.admx, and the pth.adml file from the en-US folder, to their respective locations in the policy definitions on the domain controller. When you open the Group Policy editor on your domain controller, you will see that some pass-the-hash mitigations are now available.


Set 'Apply UAC restrictions to local accounts on network logons' to 'Enabled'

This setting controls whether local accounts can be used for remote administration via network logon (e.g., NET USE, connecting to C$, etc.). Local accounts are at high risk for credential theft when the same account and password is configured on multiple systems. Enabling this policy significantly reduces that risk.

Set 'WDigest Authentication' to 'Disabled'

When WDigest authentication is enabled, Lsass.exe retains a copy of the user's plaintext password in memory, where it can be at risk of theft. If this setting is not configured, WDigest authentication is disabled in Windows 8.1 and in Windows Server 2012 R2; it is enabled by default in earlier versions of Windows and Windows Server.
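
To confirm on a client that both settings took effect after the GPO applies, the following read-only PowerShell check can be run in an elevated session. It is an added example, not part of the original post or the Microsoft baseline; the registry paths and value names are not given in the post and are the ones these two policies are known to write, and the function names are hypothetical.

```powershell
# Added example: audit the registry values behind the two PtH policy settings.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-PthMitigation {
    # 6.3 = Windows 8.1 / Server 2012 R2, where WDigest is off when not configured.
    $wdigestOffByDefault = [System.Environment]::OSVersion.Version -ge [version]'6.3'

    $uac = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                        'LocalAccountTokenFilterPolicy'
    $wd  = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' `
                        'UseLogonCredential'

    # 'Enabled' writes 0. An absent value behaves like 0 (restrictions apply),
    # but is then not enforced by policy; 1 removes the restriction.
    [pscustomobject]@{
        Setting    = 'Apply UAC restrictions to local accounts on network logons'
        ValueName  = 'LocalAccountTokenFilterPolicy'
        Data       = $(if ($null -eq $uac) { '(not set)' } else { $uac })
        Explicit   = ($null -ne $uac)
        Mitigated  = ($null -eq $uac) -or ($uac -eq 0)
    }

    # 'Disabled' writes 0. An absent value is only safe on 8.1 / 2012 R2 and later.
    # On Windows 7 / Server 2008 R2 the value is honoured only once update
    # KB2871997 is installed.
    [pscustomobject]@{
        Setting    = 'WDigest Authentication'
        ValueName  = 'UseLogonCredential'
        Data       = $(if ($null -eq $wd) { '(not set)' } else { $wd })
        Explicit   = ($null -ne $wd)
        Mitigated  = ($wd -eq 0) -or (($null -eq $wd) -and $wdigestOffByDefault)
    }
}

Test-PthMitigation | Format-Table -AutoSize
```

A row with `Mitigated` true but `Explicit` false means the host is relying on the operating system default rather than on the policy, so the GPO is likely not reaching that machine.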

Enjoy.
