HARDENING YOUR NEW INFRASTRUCTURE

To avoid a configuration breach in the new infrastructure, an audit and hardening of the configuration of the new Active Directory infrastructure should be performed.

Two free softwares that will help.

Pingcastle
- URL : https://www.pingcastle.com/download/
Purple Knight
- URL : https://fr.purple-knight.com/request-form/

Both of these programs are free for auditing your own infrastructure. However, do not hesitate to inquire about the pricing and the possibilities offered by this one.

QUICK WIN ON DOMAIN - MICROSOFT BASELINE

A quick way to harden your infrastructure is to deploy Microsoft baselines from the Microsoft site to your AD. It's not the best but it's a first step.

Go the this URL
Select "Download"
Select the OS you have in the domain
Go to each folder
Execute the script "Baseline-ADImport"

QUICK WIN LOCAL HOSTS FOR INCIDENT RESPONDER - U.S DEPARTMENT OF DEFENSE

The United States Department of Defense is an executive branch department of the federal government charged with coordinating and supervising all agencies and functions of the government directly related to national security and the United States Armed Forces. The DoD is the largest employer in the world, with over 1.34 million active-duty service members (soldiers, marines, sailors, airmen, and guardians) as of June 2022.

Go on the host you want to hardening
Go to this URL
Use the link at the bottom to download
Extract all
Go to this URL
Download LGPO.zip
Extract all
Go to LGPO's folder
Open PowerShell in administrator
lgpo.exe /g PATH

Exemple :

.\LGPO.exe /g '....\U_October_2022_STIG_GPO\DoD WinSvr 2022 MS and DC v1r1\GPOs'

If you want to know if it works, just reboot the host.

PreviousCERTIFICATE NextTIER MODEL / ENTERPRISE ACCESS MODEL

Last updated 7 months ago