Skillplan AD Checklist
2026-05-20 15:35
AD
Security Checklist
de
en
fr
it
System Online
← Back to sections
Mitigation Controls · Section 4 of 17
Mitigating Kerberoasting
Assessment Progress
0
/ 95 items
0%
Fulfillment so far
0
/ 0 controls
0%
Explain this attack
Minimise the number of user objects configured with SPNs.
Not Fulfilled
Fulfilled
Accepted
Create user objects with SPNs as gMSAs. If not feasible, set a minimum 30-character password that is unique, unpredictable and managed.
Not Fulfilled
Fulfilled
Accepted
Assign user objects with SPNs to the minimum privileges necessary and ensure they are not members of highly privileged security groups.
Not Fulfilled
Fulfilled
Accepted
Save and Continue →
