Active Directory: change the KrbTgt account password

In this tutorial, I will explain how to change the password of the KrbTgt account. Before explaining how to change the password of this account, I will give you some explanations. Who is krbtgt? The krbtgt account is a disabled service account in the Active Directory, which is used for the distribution of Kerberos Tickets, …

Read more



Active Directory: Secure Domain Join to Domain Admins

In this tutorial, we will address a security point on an Active Directory environment, which is the domain joining of computers. What you need to know (some administrators don’t know this), all domain users can join a computer to a domain, they can even join up to 10 computers. Domain administrators have no limit as …

Read more



GPO: force DNS computer registration

In this tutorial, I will explain how to force DNS registration of computers by Group Policy (GPO) in an Active Directory environment. Maintaining a clean, up-to-date DNS (Active Directory) zone is not easy, especially with dynamic computer registration. The first step is the activation of automatic cleaning, but it happens that once this is activated, …

Read more



GPO: block programs and prevent software installation – software restriction

In this tutorial, I will explain how by Group Policy (GPO) in an Active Directory environment, block the launch of programs and prevent the installation of certain software with the software restriction policy. By default, if the users are not administrator (local) of the computer, it is not normally possible to install programs, on the …

Read more



Active Directory: harden the security of your environment

In this tutorial dedicated to Active Directory and security, I will give you some tips to harden the level of security in order to be less vulnerable to attacks. The different configuration points, which will be discussed, simply allow attacks to be made more difficult and longer internally, in no way will they guarantee that …

Read more



GPO: disabled SMBv1

In this tutorial, I will walk you through how to disable SMBv1 support add-on using Group Policy. To disable full SMBv1 support, you must act on the two SMB components which are: The server who is the one who shares The client that allows the use of shared resources. Disabling by group policy is done …

Read more



Default Domain Policy: Remove Remote Installation Services settings

In this “troubleshooting”, I will explain how to remove the Remote Installation Services settings that are configured on the Default Domain Policy. On Active Directory domains, which were created with an older version of Windows Server (2003), User settings are configured (Policies / Windows Settings / Remote Installation Services / Client Installation Wizard Options). Custom …

Read more



GPO for Firefox

paramètres disponible

For companies that use firefox as a browser, it was difficult to control due to the lack of admx file and the implementation of policies required scripts to copy the settings file. Since May 2018, firefox has officially offered ADMX files in order to be able to set up group policies (GPO) to configure Firefox …

Read more



Active Directory: secure passwords with Lithnet Password Protection for Active Directory

In this tutorial, I will tell you how to harden password security with Lithnet Password Protection for Active Directory. Lithnet Password Protection for Active Directory is a free utility that installs on domain controllers, which will allow us to increase password security with: Create a forbidden password dictionary, also taking into account the replacement of …

Read more