Ensure SDProp Consistency

critical

Description

Active Directory offers protection for critical objects, such as Domain Administrators, by periodically applying default access control rules to these objects. It's essential to check these default rules for consistency since they affect the security of the most important objects in Active Directory.

Solution

Permissions set on the adminSDHolder object should grant privileged access only to administrative accounts.
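
One way to review the adminSDHolder permissions described above, as an added example that is not part of this indicator's own logic. It assumes the RSAT ActiveDirectory PowerShell module and read access to the domain; the list of trusted SIDs is an assumption to adjust to your own baseline.

```powershell
# Added example: list trustees outside an expected set that hold write-level
# rights on the AdminSDHolder object in the current domain.
Import-Module ActiveDirectory   # assumption: RSAT ActiveDirectory module is installed

$domain  = Get-ADDomain
$rootSid = (Get-ADDomain -Identity (Get-ADForest).RootDomain).DomainSID.Value

# Assumption: only these principals are expected to hold write-level control.
$trustedSids = @(
    'S-1-5-18',                           # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',                       # BUILTIN\Administrators
    "$($domain.DomainSID.Value)-512",     # Domain Admins
    "$rootSid-519"                        # Enterprise Admins (forest root domain)
)

# Rights that let a trustee change the object or its security descriptor.
# GenericAll and GenericWrite contain these bits, so they are caught as well.
$writeMask = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, WriteDacl, WriteOwner'

$path = "AD:\CN=AdminSDHolder,CN=System,$($domain.DistinguishedName)"
$acl  = Get-Acl -Path $path

$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (([int]$ace.ActiveDirectoryRights -band $writeMask) -eq 0) { continue }

    # Compare by SID so renamed or localized group names do not matter.
    try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $sid = $ace.IdentityReference.Value }   # unresolvable trustee: keep the raw value
    if ($trustedSids -contains $sid) { continue }

    [pscustomobject]@{
        Trustee    = $ace.IdentityReference.Value
        Sid        = $sid
        Rights     = $ace.ActiveDirectoryRights
        ObjectType = $ace.ObjectType      # all-zero GUID means the right is not property-scoped
        Inherited  = $ace.IsInherited
    }
}

"Owner: $($acl.Owner)"
$findings | Format-Table -AutoSize
```

Entries scoped to a single property (a non-zero ObjectType) may be directory defaults; compare them with a known-good baseline before treating them as findings.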

See Also

Reducing the Active Directory Attack Surface

Securing Active Directory Administrative Groups and Accounts

Indicator Details

Name: Ensure SDProp Consistency

Codename: C-SDPROP-CONSISTENCY

Severity: Critical

MITRE ATT&CK Information:

Tactics: TA0003

Techniques: T1098