Protected Users Group Not Used



Users not in the Protected Users group risk credential exposure during authentication-related processes. To protect the maximum number of sensitive and privileged accounts (such as domain administrators) from password theft on compromised hosts, add these accounts to this group.


The Protected Users group boosts security by safeguarding member credentials and preventing attackers from accessing Active Directory privileges. To enhance security, it's advisable to include users with privileged rights in this group.

See Also

Protected users security group

How to Configure Protected Accounts

Indicator Details

Name: Protected Users Group Not Used


Severity: High

MITRE ATT&CK Information:

Tactics: TA0006

Techniques: T1003.001

Attacker Known Tools

Gentil Kiwi: mimikatz - Silver tickets