Directory Insights in 10 Minutes: AD’s Biggest Misconfiguration

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/bd/e6/f3/bde6f3ba-1036-604a-d45f-058c1131c2aa/mza_13819881962082944253.jpg/600x600bb.jpg

Guardians of the Directory

Guardian of the Directory

18 episodes

5 days ago

Guardians of the Directory is the podcast for everything Active Directory security, management, and recovery. Join us as we dive into best practices, recent security events, listener Q&As, and expert interviews to equip you with the skills needed to protect your AD environment. Whether you’re an IT pro or a cybersecurity enthusiast, each episode delivers actionable insights to help you stay informed and secure. Become a Guardian of the Directory and tune in to strengthen your defenses!

Technology

RSS

All content for Guardians of the Directory is the property of Guardian of the Directory and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/42659774/cf4639657df8995a.jpg

Directory Insights in 10 Minutes: AD’s Biggest Misconfiguration – Fix It Now!

Guardians of the Directory

4 minutes 8 seconds

8 months ago

Directory Insights in 10 Minutes: AD’s Biggest Misconfiguration – Fix It Now!

Directory Insights in 10 Minutes – Episode 1
🛡️ AD’s Biggest Misconfiguration – Fix It Now!

Description:
Welcome to the first episode of Directory Insights in 10 Minutes, brought to you by Guardians of the Directory. This series is all about cutting through the noise—no fluff, no filler—just real-world, practical security insights for Active Directory and Entra ID admins.

In this episode, we’re exposing the #1 misconfigured setting in Active Directory—one that attackers love and admins often overlook. Even today, in 2025, this security gap exists by default in every new AD deployment.

What You’ll Learn:
✅ Why the built-in Administrator account (RID 500) is vulnerable out of the box
✅ How attackers abuse Kerberos delegation to impersonate admin accounts
✅ Why Microsoft’s security guidance is buried in a 2,000-page document
✅ The one checkbox that removes this attack path instantly
✅ Why Protected Users group doesn’t fully mitigate this risk

🛠️ Quick Fix:
1️⃣ Go to RID 500 account properties
2️⃣ Under the Account tab, check "Account is sensitive and cannot be delegated."
3️⃣ Apply this setting to all administrative accounts
4️⃣ Implement this as part of your ongoing security process