Domain : INFO.LAB
Report date: 01/23/2025 23:29:49
Elapsed : 00:01:21
  • Harden-Sysvol _ Version : 1.7 _ Release : 01/2025
  • Author : Dakhama Mehdi

    Credit : HardenAD Community
    Credit : It-Connect Community
    Thanks : Przemyslaw Klys (Evotec) for the PSWriteHTML / PSWriteOffice modules
The Sysvol share distributes Group Policy Objects (GPOs) and logon/startup scripts to every computer in the domain, so by design it is readable by every authenticated user and every domain computer. It often contains sensitive material, such as plain-text passwords in scripts or preference files, which makes it a prime target for attackers.
A weakness in Sysvol permissions or contents can compromise the entire domain: anyone who can write to it can push code to every machine. Therefore, restrict permissions, monitor changes, and audit its contents regularly to maintain domain security and compliance.
Audit GPOs regularly for plain-text passwords in configuration files (for example the Group Policy Preferences cpassword attribute, whose encryption key is public) and in auto-logon settings, and for scripts or installers that come from unsigned sources.
Run the GPOZaurr tool frequently; its report covers these risks and helps you identify and mitigate them.
GPOZaurr
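The kind of content check described above, as an added PowerShell example that is not part of Harden-Sysvol or GPOZaurr. It walks the domain SYSVOL share over SMB, skips files above a size limit, and reports lines matching common credential indicators (cpassword, password=, net use /user:, AutoAdminLogon and friends) while masking the value so the report itself does not leak the secret. The pattern list, extensions and size limit are assumptions you should adapt.

```powershell
# Added example, not part of Harden-Sysvol: look for plain-text credentials in SYSVOL.
# Runs from any domain-joined host with read access to \\<domain>\SYSVOL.

$Domain     = $env:USERDNSDOMAIN
$SysvolRoot = "\\$Domain\SYSVOL\$Domain"
$MaxBytes   = 1MB                        # skip large binaries; they cannot hold a scripted password anyway

# Credential indicators (assumed list). 'cpassword' is the Group Policy Preferences attribute
# whose AES key Microsoft published (MS14-025); the others are common script/config patterns.
$Patterns = @(
    'cpassword=',
    'password\s*[:=]',
    'net\s+use\s+\S+.*/user:',
    'DefaultPassword',
    'AutoAdminLogon',
    'ConvertTo-SecureString\s+.*-AsPlainText'
)
$Extensions = '*.xml', '*.ini', '*.inf', '*.ps1', '*.vbs', '*.bat', '*.cmd', '*.txt', '*.config'

$Findings = Get-ChildItem -Path $SysvolRoot -Recurse -File -Include $Extensions -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -le $MaxBytes } |
    ForEach-Object {
        $file = $_
        foreach ($p in $Patterns) {
            Select-String -Path $file.FullName -Pattern $p -ErrorAction SilentlyContinue |
                ForEach-Object {
                    [pscustomobject]@{
                        File    = $file.FullName
                        Line    = $_.LineNumber
                        Pattern = $p
                        # mask whatever follows 'password=' / 'cpassword="' so the report does not carry the secret
                        Context = ($_.Line.Trim() -replace '(?i)(c?password\s*[:=]\s*"?)\S+', '$1***')
                    }
                }
        }
    }

$Findings | Sort-Object File, Line | Format-Table -AutoSize
```

Treat every hit as a finding to triage by hand: the regexes are deliberately broad, and a match in a comment is still worth removing because attackers grep the same way.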
Enable object-access auditing on the Sysvol folder and monitor the resulting events: one account reading an unusually large number of files in a short time is a typical sign of enumeration. Some elements in the Sysvol folder are not meant to be read by everyone. If possible, place a honeypot script in the Netlogon folder that no GPO references, so that any read of it triggers an alert.
Autologon
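The audit and honeypot set-up described above, as an added PowerShell example that is not part of Harden-Sysvol. It enables the File System audit subcategory, plants a decoy script in NETLOGON, puts an inherited read-audit SACL on the domain SYSVOL tree, and then reads Security event 4663 to flag any access to the decoy and any user account that touched many distinct SYSVOL files in the last hour. The decoy name, the one-hour window and the 200-file threshold are assumptions.

```powershell
# Added example, not part of Harden-Sysvol: audit SYSVOL reads, plant a decoy, detect enumeration.
# Run elevated on a domain controller; assumes the default local SYSVOL path.

$Domain    = $env:USERDNSDOMAIN
$SysvolDir = "$env:SystemRoot\SYSVOL\sysvol\$Domain"                  # \\<domain>\SYSVOL\<domain> as seen locally
$Decoy     = Join-Path $SysvolDir 'scripts\legacy-admin-backup.bat'  # NETLOGON is <SYSVOL>\<domain>\scripts (assumed name)

# 1. A SACL only produces events when the matching audit subcategory is on.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Decoy: harmless content, never referenced by any GPO, so nothing legitimate should read it.
Set-Content -Path $Decoy -Value '@echo off' -Encoding Ascii

# 3. Inherited SACL on the SYSVOL tree: audit successful and failed reads by anyone.
$acl  = Get-Acl -Path $SysvolDir -Audit
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone', 'ReadData', 'ContainerInherit,ObjectInherit', 'None', 'Success,Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $SysvolDir -AclObject $acl

# 4. Event 4663 ("an attempt was made to access an object") carries the account and the local object path.
$Events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-1) } `
                       -ErrorAction SilentlyContinue
$Rows = foreach ($e in $Events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data.ObjectName -like "$SysvolDir\*") {
        [pscustomobject]@{ Time = $e.TimeCreated; User = $data.SubjectUserName; Object = $data.ObjectName }
    }
}

# Any read of the decoy is an alert on its own.
$Rows | Where-Object { $_.Object -eq $Decoy }

# Enumeration heuristic: a user account (not a computer account, whose name ends in $) reading
# more than 200 distinct SYSVOL files within the window. Tune the threshold to your baseline.
$Rows | Where-Object { $_.User -notlike '*$' } | Group-Object User |
    ForEach-Object {
        $distinct = ($_.Group.Object | Sort-Object -Unique).Count
        if ($distinct -gt 200) { [pscustomobject]@{ User = $_.Name; DistinctFiles = $distinct } }
    }
```

Expect volume: every domain computer reads SYSVOL during Group Policy refresh, which is why the heuristic excludes computer accounts. In practice forward 4663 to your SIEM and keep the decoy-read rule as a high-confidence alert, since it has no legitimate trigger.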
Do not store large files, such as ISO or .zip files, in the Sysvol folder. Every change is replicated to all domain controllers, so large files cause replication backlogs and consume storage unnecessarily, degrading the performance and reliability of the domain.
Move your scripts to a dedicated shared folder and grant access only to the groups that need it, not to Authenticated Users. This reduces exposure, especially if the scripts contain credentials or deploy critical applications, because Sysvol and Netlogon are readable by every account in the domain.
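A dedicated scripts share with restricted NTFS and share permissions, as an added PowerShell example that is not part of Harden-Sysvol. It creates the folder, breaks inheritance from the volume root (which is where BUILTIN\Users and Authenticated Users usually come from), grants explicit rights to two named groups, publishes the share with matching share permissions and access-based enumeration, and checks that no broad principal is left. The path, share name and group names are assumptions.

```powershell
# Added example, not part of Harden-Sysvol: restricted scripts share instead of NETLOGON.
# Run elevated on the file server that will host the scripts.

$Path    = 'D:\Scripts'                # assumed
$Share   = 'Scripts$'                  # trailing $ only hides it from browse lists; it is not a security control
$Readers = 'INFO\GG-Scripts-Read'      # assumed: accounts that must run the scripts (users, or computer
                                       # accounts for startup scripts, which execute as SYSTEM)
$Editors = 'INFO\GG-Scripts-Edit'      # assumed: the few admins allowed to change what gets executed

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# NTFS: stop inheriting, then grant explicitly. A freshly created folder has no explicit ACEs;
# on an existing folder, review and remove stale explicit ACEs first.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)      # protect DACL, discard inherited entries
$inherit = 'ContainerInherit,ObjectInherit'
foreach ($entry in @(
        @('BUILTIN\Administrators', 'FullControl'),
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @($Editors,                 'Modify'),
        @($Readers,                 'ReadAndExecute'))) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $entry[0], $entry[1], $inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# Share permissions: same principals. Effective access is the more restrictive of share and NTFS.
New-SmbShare -Name $Share -Path $Path `
    -FullAccess 'BUILTIN\Administrators' -ChangeAccess $Editors -ReadAccess $Readers `
    -FolderEnumerationMode AccessBased | Out-Null

# Check: this should return nothing.
Get-Acl -Path $Path | Select-Object -ExpandProperty Access |
    Where-Object { $_.IdentityReference -match 'Authenticated Users|BUILTIN\\Users|Everyone' }
```

Point the GPO script settings at `\\<server>\Scripts$\...` afterwards. Unlike SYSVOL, this share is not replicated to every domain controller, so plan for availability (DFS-R or a DFS namespace) if the scripts are needed at logon in every site.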
Apply Active Directory hardening baselines to reduce the attack surface and the associated risks.
Disable legacy protocols such as SMB1, and block anonymous (null-session) enumeration of shares and accounts on the domain controllers.
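The SMB1 and anonymous-enumeration settings above, as an added PowerShell example that is not part of Harden-Sysvol. It turns SMB1 off in the SMB server, uninstalls the feature, and sets the registry values that back the corresponding "Network access" security policy options, then prints the resulting state. In production deliver the same values through the Default Domain Controllers Policy rather than by hand on each DC.

```powershell
# Added example, not part of Harden-Sysvol: remove SMB1 and restrict anonymous enumeration on a DC.
# Run elevated; removing the SMB1 feature requires a reboot to take full effect.

# SMB1: stop negotiating it, then remove the component so it cannot be re-enabled by accident.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Uninstall-WindowsFeature -Name FS-SMB1 | Out-Null

# Anonymous enumeration. Each value backs the security option named in the comment.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
Set-ItemProperty -Path $lsa -Name RestrictAnonymous         -Value 1 -Type DWord   # Do not allow anonymous enumeration of SAM accounts and shares
Set-ItemProperty -Path $lsa -Name RestrictAnonymousSAM      -Value 1 -Type DWord   # Do not allow anonymous enumeration of SAM accounts
Set-ItemProperty -Path $lsa -Name EveryoneIncludesAnonymous -Value 0 -Type DWord   # Let Everyone permissions apply to anonymous users = Disabled
Set-ItemProperty -Path $srv -Name RestrictNullSessAccess    -Value 1 -Type DWord   # Restrict anonymous access to Named Pipes and Shares
Set-ItemProperty -Path $srv -Name NullSessionShares -Value ([string[]]@()) -Type MultiString  # Shares that can be accessed anonymously = none

# Check the result.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
Get-ItemProperty -Path $lsa | Select-Object RestrictAnonymous, RestrictAnonymousSAM, EveryoneIncludesAnonymous
Get-ItemProperty -Path $srv | Select-Object RestrictNullSessAccess, NullSessionShares
```

After applying, verify from another host that a null session is refused (`net use \\<dc>\IPC$ "" /user:""` should fail) and that no legacy device or trust still depended on SMB1 or anonymous share listing.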
Implement a tiered administration model (Tier 0/1/2), Privileged Access Workstations (PAW), and authentication policy silos. To facilitate this, refer to the HardenAD project.
HardenAD
Use this command to broaden the search (all extensions, an extra "admin" pattern, files up to 1 MB): Invoke-HardenSysvol -AllExtensions -AddPattern admin -MaxFileSize 1
Link to the documentation, where you can also support the project:
Documentation
File | Path | Pattern | Reason
Name