Skillplan AD Checklist
2026-05-20 16:31
AD
Security Checklist
de
en
fr
it
System Online
← Back to sections
Mitigation Controls · Section 9 of 17
Mitigating DCSync
Assessment Progress
0
/ 95 items
0%
Fulfillment so far
0
/ 0 controls
0%
Explain this attack
Minimise the number of user objects with DCSync permissions.
Not Fulfilled
Fulfilled
Accepted
Ensure user objects that are configured with a SPN do not have DCSync permissions.
Not Fulfilled
Fulfilled
Accepted
Ensure user objects with DCSync permissions cannot log on to unprivileged operating environments.
Not Fulfilled
Fulfilled
Accepted
Review user objects with DCSync permissions every 12 months to determine if these permissions are still required.
Not Fulfilled
Fulfilled
Accepted
Disable the NTLMv1 protocol.
Not Fulfilled
Fulfilled
Accepted
Ensure LM password hashes are not used.
Not Fulfilled
Fulfilled
Accepted
Save and Continue →
