Detections
Analytics

Protected Users Group Not Used

high

Language:

Description

Users not in the Protected Users group risk credential exposure during authentication-related processes. To protect the maximum number of sensitive and privileged accounts (such as domain administrators) from password theft on compromised hosts, add these accounts to this group.

Solution

The Protected Users group boosts security by safeguarding member credentials and preventing attackers from accessing Active Directory privileges. To enhance security, it's advisable to include users with privileged rights in this group.

See Also

Protected users security group

How to Configure Protected Accounts

Indicator Details

Name: Protected Users Group Not Used

Codename: C-PROTECTED-USERS-GROUP-UNUSED

Severity: High

MITRE ATT&CK Information:

Tactics: TA0006

Techniques: T1003.001, T1003.005

Attacker Known Tools

Gentil Kiwi: mimikatz - Silver tickets