Active Directory - Are your Passwords a Ticking Time Bomb?
Вставка
- Опубліковано 5 лип 2024
- In this episode I dive deep into Windows Server Active Directory & Entra ID to discuss its current state of password policies to determine if they are still fit for purpose. Active Directory is now 24 years old and still in use by 90% of the world’s major corporations in one form or another. Of course Hybrid brings benefits in terms of convenience. But what about the weaknesses in its password policy tools. Features that have not changed in years. In this session I’ll take a look at the challenges that this brings along with possible Microsoft and third party solutions including Specops Password Policy. An awesome platform that, quite frankly surpasses Microsoft in terms of its functionality and flexibility.
For more on me visit me at www.Andymalone.org
Looking for more? Why not sign up to my Patreon page www.patreon.com/Andymalonemvp
Dive Deeper Tech Days event on the 7th May. Only £99 Per seat for a full days training with some awesome sessions and demos. More details here. www.quality-training.co.uk/events
For more details on Specops Password Policy check out the details here. specopssoft.com/product/speco...
Timecodes
00:00 Introduction & Problem Recap
03:00 Entra ID Password Protection Policy, Oh Dear!
05:14 Active Directory Password Policy Flaws
06:33 Enhancing AD Passwords with Specops Password Policy
14:45 Specops Password Policy from the Windows Client
18:04 Session Conclusion & Next Steps
I learned AD about 8 years ago. I work at a place that uses Entra/Azure AD now. Thank you for this. Security is always top of mind for our crew here. I shared this to our entire team.
Thanks so much :-)
I have been working with Active Directory for 20 years. I think it has been evolving nicely with every new release of Windows Server (WS). From WS 2003 significant improvements in Group Policy management over user and computer configurations within the network and also forest trust. Then WS 2008 introduced role-based authentication, providing administrators with more granular control over the assignments of rights and permissions and fine-grained password policies. Then WS 2012 with Dynamic Access Control, Recycle bin and Virtualization support. Then WS 2016 Privileged Access Management and Shielded Virtual machines. To WS 2019 Authentication Policy Silos, Enhanced Time Accuracy and Integration with Azure Active Directory. Havent played around with WS 2022 yet though.
Great post thanks and absolutely I totally agree with you. These are some awesome features. However, you’ll notice that it still does not address fundamental issues regarding passwords. I do believe however the window server 2025 is going to rewrite active directory for the first time, removing its dependency on NTLM at last, so this is definitely worth looking forward to. Thanks again for the great response 👍
This is a great video and I really enjoyed learning about Specops. Your point that 90% of businesses still run AD is spot on. My team is seeing a ton of AD security and hardening projects. Despite Microsoft's marketing, companies will remain hybrid longer than anyone expects. AD is the equivalent of the mainframe in the 90s. I wonder if we will have to recruit AD admins from retirement homes in 10 years 😀. Keep up the great work!
Absolutely 100% key skill requirement.
Great video as always! Since MS is appearing to move away from passwords (see Microsoft Account, or Microsoft 365, for example), I think MS should take a serious look to revamp the password policy and, most importantly, try to get rid of passwords in AD.
I mean, yeah, fair point. We should enforce users to harden their passwords and stuff. And so they commit unrememberable passwords, with expiring policies enough for them to write down on a post-it or something, comprimising the password anyway.
💻⌨📲🔍Thank you Andy, Excellent video presentation
Ahh thats a topic Im realy intressted in because Im in a ICT school currently learning how to do active directory.
What are other options on a windows server to handle all the users, groups, rules?
Watch the video, all will be revealed :-)
Very informative video Andy but I wonder how this SpecOps tools interacts with SSPR in Entra ID. Does it has similar "tips screen" as in Windows client or some other way to inform a user why the password is not accepted?
I believe so, yes
Andy I have been getting the run around from Microsoft Canada trying to get a client verification for ms edu. Any recommendations
No idea I’m sorry.
Use the AD administrative console and create a whole domain password policy there
It still has limits. Characters, length etc
You forgot to mention this video includes paid promotion!
Not paid
You forgot to mention this whole video is a promotion. There I fixed it. Thanks for putting out the work but I don't think this serves the community.
@@dennisbuswell Promotion for what?