Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delegation of privileged accounts must be prohibited. #153

Closed
rebelinux opened this issue Feb 9, 2024 · 0 comments · Fixed by #156 or #164
Closed

Delegation of privileged accounts must be prohibited. #153

rebelinux opened this issue Feb 9, 2024 · 0 comments · Fixed by #156 or #164

Comments

@rebelinux
Copy link
Collaborator

https://www.stigviewer.com/stig/active_directory_domain/2017-12-15/finding/V-36435

https://community.spiceworks.com/topic/2245193-account-is-sensitive-and-cannot-be-delegated-automation-script-solution

PS C:\Users\jocolon> Get-ADGroupMember "Domain Admins" |  get-aduser -Properties AccountNotDelegated |
Where-Object { -not $_.AccountNotDelegated -and $_.objectClass -eq "user"}

AccountNotDelegated : False
DistinguishedName   : CN=Administrator,CN=Users,DC=pharmax,DC=local
Enabled             : True
GivenName           :
Name                : Administrator
ObjectClass         : user
ObjectGUID          : 2759fb46-591d-49a5-a0c0-0affa865bd5e
SamAccountName      : Administrator
SID                 : S-1-5-21-2867495315-1194516362-180967319-500
Surname             :
UserPrincipalName   : Administrator@pharmax.local

AccountNotDelegated : False
DistinguishedName   : CN=Jonathan A. Colon Feliciano,CN=Users,DC=pharmax,DC=local
Enabled             : True
GivenName           : Jonathan
Name                : Jonathan A. Colon Feliciano
ObjectClass         : user
ObjectGUID          : abebac09-ac10-4e4f-9898-baa9c6dea4e2
SamAccountName      : jocolon
SID                 : S-1-5-21-2867495315-1194516362-180967319-1171
Surname             : Colon Feliciano
UserPrincipalName   : jocolon@pharmax.local

AccountNotDelegated : False
DistinguishedName   : CN=veeam admin,CN=Users,DC=pharmax,DC=local
Enabled             : True
GivenName           : veeam
Name                : veeam admin
ObjectClass         : user
ObjectGUID          : cfd5ed32-d0be-47bd-9501-4b87f1af7c92
SamAccountName      : veeam_admin
SID                 : S-1-5-21-2867495315-1194516362-180967319-1175
Surname             : admin
UserPrincipalName   : veeam_admin@pharmax.local



PS C:\Users\jocolon>
rebelinux added a commit to rebelinux/AsBuiltReport.Microsoft.AD that referenced this issue Feb 10, 2024
@rebelinux
Delegation of privileged accounts must be prohibited. AsBuiltReport#153
eb30571
@rebelinux rebelinux mentioned this issue Feb 12, 2024
Merged
7 tasks
This was referenced May 16, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@rebelinux