Detections
Analytics
Last Password Change on KRBTGT account
high
Language:
Description
Each Active Directory domain has a crucial account called KRBTGT that safeguards the master secret for all other secrets in the domain, making it vital to protect this account at any expense.
Solution
Microsoft fully supports the special operation of changing the KRBTGT account password.
See Also
Kerberos & KRBTGT: Active Directory's Domain Kerberos Service Account
Reset the krbtgt account password/keys
KRBTGT Account Password Reset Scripts now available for customers