Industry

Professional Services

Business Type

Consulting & Public Accounting Network/Firm

Services

Cybersecurity

Client Overview

A leading international advisory, tax, and assurance organization engaged us to proactively fortify the security of their core Active Directory (AD) infrastructure. This initiative underscored their commitment to safeguarding sensitive data and maintaining robust operational integrity.

Challenges

  • Weak RSA Certificates in Use
  • Lack of LAPS Enforcement
  • Admin Accounts Not in Protected Users Group
  • Unknown Delegated Accounts in Active Directory
  • Print Spooler Service Running on Domain Controllers
  • Acceptance of NTLMv1 Authentication Protocol
  • SID History from Unknown Domains
  • LDAP Signing Not Enforced

Solution

Weak RSA Certificates in Use

  • Identify certificates with an RSA key length below 2048 bits or signed with SHA1, and replace them with modern equivalents (e.g., RSA 2048+/SHA256+).

Lack of LAPS Enforcement

  • Implement LAPS to automatically manage and rotate local admin passwords.

Admin Accounts Not in Protected Users Group

  • Move eligible privileged accounts into the Protected Users group.

Unknown Delegated Accounts in Active Directory

  • Perform a delegation audit to identify and validate all accounts with delegated permissions. Remove or restrict access for accounts that are no longer required or whose roles cannot be justified.

Print Spooler Service Running on Domain Controllers

  • Disable the Print Spooler service on all Domain Controllers unless explicitly required (e.g., by legacy applications or printer dependencies).

Acceptance of NTLMv1 Authentication Protocol

  • Disable NTLMv1 support and enforce NTLMv2 or Kerberos-only authentication across the domain.

SID History from Unknown Domains

  • Audit and remove SID History entries that are no longer valid or understood.

LDAP Signing Not Enforced

  • Enforce LDAP Signing on all servers and clients to prevent unprotected LDAP communication.
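
As an added illustration of how each of the findings above can be measured before and after remediation (an example written for this page, not the firm's or the client's tooling), the following read-only PowerShell audit checks every item in one pass. It assumes the RSAT ActiveDirectory module, a session with domain admin rights, and WinRM access to the domain controllers. The registry values LmCompatibilityLevel and LDAPServerIntegrity, the LAPS attribute names and the delegation attributes are real; the thresholds (2048-bit RSA, treating anything below LmCompatibilityLevel 5 as still accepting NTLMv1) and the decision to scan only the domain controllers' machine certificate stores are the example's own assumptions.

```powershell
# Added example for this page, not the firm's or the client's code. Read-only audit of the eight
# findings listed above. Assumes the RSAT ActiveDirectory module, domain admin rights and WinRM
# access to every DC; thresholds (2048-bit RSA, LmCompatibilityLevel 5) are this example's assumptions.
Import-Module ActiveDirectory
$dcs = (Get-ADDomainController -Filter *).HostName

# Normalise a SID attribute value (SecurityIdentifier, string, or raw bytes) to a SecurityIdentifier.
function ConvertTo-Sid ($Value) {
    if ($Value -is [byte[]]) { New-Object System.Security.Principal.SecurityIdentifier($Value, 0) }
    else { New-Object System.Security.Principal.SecurityIdentifier($Value.ToString()) }
}

# Admin accounts not in Protected Users: recursive members of the privileged groups minus the
# recursive members of Protected Users. Only user objects are eligible, so computers/gMSAs are skipped.
function Get-UnprotectedAdmins {
    $protected = Get-ADGroupMember -Identity 'Protected Users' -Recursive | Select-Object -ExpandProperty distinguishedName
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators' |
        ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive -ErrorAction SilentlyContinue } |
        Where-Object { $_.objectClass -eq 'user' -and $_.distinguishedName -notin $protected } |
        Sort-Object -Property distinguishedName -Unique | Select-Object SamAccountName, distinguishedName
}

# Delegation audit: unconstrained (UAC bit 0x80000), constrained and resource-based delegation on
# any account other than a domain controller (primaryGroupID 516 / 521).
function Get-DelegatedAccounts {
    $filter = '(&(objectClass=user)(!(primaryGroupID=516))(!(primaryGroupID=521))' +
              '(|(userAccountControl:1.2.840.113556.1.4.803:=524288)(msDS-AllowedToDelegateTo=*)(msDS-AllowedToActOnBehalfOfOtherIdentity=*)))'
    Get-ADObject -LDAPFilter $filter -Properties userAccountControl, msDS-AllowedToDelegateTo, msDS-AllowedToActOnBehalfOfOtherIdentity |
        Select-Object Name, ObjectClass, @{ n = 'Delegation'; e = {
            if ($_.userAccountControl -band 0x80000) { 'Unconstrained' }
            elseif ($_.'msDS-AllowedToDelegateTo') { 'Constrained to ' + ($_.'msDS-AllowedToDelegateTo' -join ', ') }
            else { 'Resource-based' } } }
}

# SID History from unknown domains: flag history SIDs whose domain part is neither a forest domain
# nor a trusted domain (trustedDomain objects under CN=System carry the trusted domain's SID).
function Get-UnknownSidHistory {
    $known = @((Get-ADForest).Domains | ForEach-Object { (Get-ADDomain -Identity $_).DomainSID.Value })
    $known += Get-ADObject -LDAPFilter '(objectClass=trustedDomain)' -Properties securityIdentifier |
        Where-Object { $_.securityIdentifier } | ForEach-Object { (ConvertTo-Sid $_.securityIdentifier).Value }
    Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory | ForEach-Object {
        $obj = $_
        foreach ($h in $obj.sIDHistory) {
            $sid = ConvertTo-Sid $h
            $src = $sid.AccountDomainSid            # null for well-known SIDs, which are skipped
            if ($src -and $src.Value -notin $known) {
                [pscustomobject]@{ Object = $obj.DistinguishedName; HistorySid = $sid.Value; SourceDomain = $src.Value }
            }
        }
    }
}

# LAPS coverage: Windows computers (DCs excluded) with neither the Windows LAPS nor the legacy LAPS
# expiration attribute set. The schema is checked first so a missing extension is reported instead
# of being hidden by an LDAP filter on an undefined attribute.
function Get-ComputersWithoutLaps {
    $schema = (Get-ADRootDSE).schemaNamingContext
    $attrs = 'msLAPS-PasswordExpirationTime', 'ms-Mcs-AdmPwdExpirationTime' |
        Where-Object { Get-ADObject -SearchBase $schema -LDAPFilter "(lDAPDisplayName=$_)" }
    if (-not $attrs) { return 'LAPS schema extension not present; LAPS is not deployed' }
    $missing = ($attrs | ForEach-Object { "(!($_=*))" }) -join ''
    Get-ADObject -LDAPFilter "(&(objectClass=computer)(operatingSystem=*Windows*)(!(primaryGroupID=516))(!(primaryGroupID=521))$missing)" -Properties operatingSystem |
        Select-Object Name, operatingSystem
}

# Per-DC checks, run remotely: Print Spooler state, NTLMv1 acceptance, LDAP signing enforcement and
# weak certificates (RSA below 2048 bits or SHA1 signature) in the machine store.
$dcCheck = {
    $lsa  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $ntds = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $lm   = if ($null -ne $lsa.LmCompatibilityLevel) { $lsa.LmCompatibilityLevel } else { 3 }   # OS default when unset
    $ldap = if ($null -ne $ntds.LDAPServerIntegrity) { $ntds.LDAPServerIntegrity } else { 1 }  # 1 = none, 2 = require signing
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $weak = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($_)  # null for non-RSA keys
        if (($rsa -and $rsa.KeySize -lt 2048) -or ($_.SignatureAlgorithm.FriendlyName -match 'sha1')) {
            '{0} [{1}, {2}]' -f $_.Subject, $_.SignatureAlgorithm.FriendlyName, $(if ($rsa) { "$($rsa.KeySize)-bit RSA" } else { 'non-RSA' })
        }
    }
    [pscustomobject]@{
        DC                  = $env:COMPUTERNAME
        SpoolerRunning      = [bool]($spooler -and $spooler.Status -eq 'Running')
        AcceptsNtlmV1       = ($lm -lt 5)      # only level 5 refuses LM and NTLMv1 responses
        LdapSigningRequired = ($ldap -ge 2)
        WeakCertificates    = ($weak -join '; ')
    }
}
function Get-DcPosture {
    Invoke-Command -ComputerName $dcs -ScriptBlock $dcCheck |
        Select-Object DC, SpoolerRunning, AcceptsNtlmV1, LdapSigningRequired, WeakCertificates
}

# Run every check; an empty result for a function means no gap was found for that item.
Get-UnprotectedAdmins    | Format-Table -AutoSize
Get-DelegatedAccounts    | Format-Table -AutoSize
Get-UnknownSidHistory    | Format-Table -AutoSize
Get-ComputersWithoutLaps | Format-Table -AutoSize
Get-DcPosture            | Format-Table -AutoSize
```

Run it once to capture a baseline, apply the remediation through the normal change-request process, and run it again: each function that returns nothing corresponds to one closed item. The delegation and SID History results list the accounts and source domain SIDs that need an owner before anything is removed, which is the evidence a remediation decision should rest on.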

Results

  • Successfully remediated 13 of 16 key issues, with 3 marked as “No Action Required”
  • Enhanced authentication and delegation security
  • Hardened system access and certificate configuration and closed all flagged items for project acceptance

Impact

  • Zero admin accounts left outside the “Protected Users” group
  • 100% disabling of vulnerable services like NTLMv1 and spoolers
  • 27 unknown domains in SID history identified for further action
  • 2+ certificates with critical vulnerabilities (SHA1, weak RSA) replaced

Issue Remediation Rate

75%

Issues Addressed via Change Request

6.25%

Flagged Items Closed for Project Acceptance

100%