Active Directory - Are your Passwords a Ticking Time Bomb?

In this episode I dive deep into Windows Server Active Directory & Entra ID to discuss the current state of their password policies and determine whether they are still fit for purpose. Active Directory is now 24 years old and still in use by 90% of the world’s major corporations in one form or another. Of course, hybrid brings benefits in terms of convenience, but what about the weaknesses in its password policy tools, features that have not changed in years? In this session I’ll take a look at the challenges that this brings, along with possible Microsoft and third-party solutions including Specops Password Policy, an awesome platform that, quite frankly, surpasses Microsoft in terms of its functionality and flexibility.

Timecodes

00:00 Introduction & Problem Recap
03:00 Entra ID Password Protection Policy, Oh Dear!
05:14 Active Directory Password Policy Flaws
06:33 Enhancing AD Passwords with Specops Password Policy
14:45 Specops Password Policy from the Windows Client
18:04 Session Conclusion & Next Steps
Comments

I learned AD about 8 years ago. I work at a place that uses Entra/Azure AD now. Thank you for this. Security is always top of mind for our crew here. I shared this to our entire team.

.Golden

I have been working with Active Directory for 20 years. I think it has been evolving nicely with every new release of Windows Server (WS). From WS 2003 significant improvements in Group Policy management over user and computer configurations within the network and also forest trust. Then WS 2008 introduced role-based authentication, providing administrators with more granular control over the assignments of rights and permissions and fine-grained password policies. Then WS 2012 with Dynamic Access Control, Recycle bin and Virtualization support. Then WS 2016 Privileged Access Management and Shielded Virtual machines. To WS 2019 Authentication Policy Silos, Enhanced Time Accuracy and Integration with Azure Active Directory. Haven't played around with WS 2022 yet though.

Moralikov

Reach out if you want to have a deeper discussion. More than happy to dive in a bit with you around some of these concepts and better security options and processes!

it-candor

I mean, yeah, fair point. We should enforce users to harden their passwords and stuff. And so they commit unrememberable passwords, with expiring policies enough for them to write down on a post-it or something, compromising the password anyway.

Speeda

This is a great video and I really enjoyed learning about Specops. Your point that 90% of businesses still run AD is spot on. My team is seeing a ton of AD security and hardening projects. Despite Microsoft's marketing, companies will remain hybrid longer than anyone expects. AD is the equivalent of the mainframe in the 90s. I wonder if we will have to recruit AD admins from retirement homes in 10 years 😀. Keep up the great work!

scotteastin

Great video as always! Since MS is appearing to move away from passwords (see Microsoft Account, or Microsoft 365, for example), I think MS should take a serious look to revamp the password policy and, most importantly, try to get rid of passwords in AD.

francescobedinijacobini

💻⌨📲🔍Thank you Andy, Excellent video presentation

silvanabongiorno

Very informative video, Andy, but I wonder how this Specops tool interacts with SSPR in Entra ID. Does it have a similar "tips screen" as in the Windows client, or some other way to inform a user why the password is not accepted?

ivaylovalkov

Use the AD administrative console and create a whole domain password policy there

jstump

Ahh, that's a topic I'm really interested in because I'm in an ICT school currently learning how to do Active Directory.
What are other options on a Windows Server to handle all the users, groups, rules?

Burton

Andy, I have been getting the runaround from Microsoft Canada trying to get a client verification for MS edu. Any recommendations?

greendesigners

You forgot to mention this video includes paid promotion!

ghasanazeza