Skip to content

Commit 3caef24

Browse files
padmagit77padmagit77
authored
Merge pull request #4828 from LiorShapiraa/docs-editor/security-assessment-unsecure-a-1756124544
Update security-assessment-unsecure-account-attributes.md
2 parents 6ae5ea2 + a89e113 commit 3caef24

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

ATPDocs/security-assessment-unsecure-account-attributes.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,8 +40,9 @@ Use the remediation appropriate to the relevant attribute as described in the fo
4040
| Enable Kerberos AES encryption support | Enable AES features on the account properties in AD | Enabling AES128_CTS_HMAC_SHA1_96 or AES256_CTS_HMAC_SHA1_96 on the account helps prevent the use of weaker encryption ciphers for Kerberos authentication. |
4141
| Remove Use Kerberos DES encryption types for this account | Remove this setting from account properties in AD | Removing this setting enables the use of stronger encryption algorithms for the account's password. |
4242
| Remove a Service Principal Name (SPN) | Remove this setting from account properties in AD | When a user account is configured with an SPN set, it means that the account has been associated with one or more SPNs. This typically occurs when a service is installed or registered to run under a specific user account, and the SPN is created to uniquely identify the service workspace for Kerberos authentication. This recommendation only showed for sensitive accounts. |
43+
|Reset password as SmartcardRequired setting was removed|Reset the account password|Changing the account's password after the SmartcardRequired UAC flag was removed ensures it was set under current security policies. This helps prevent potential exposure from passwords created when smartcard enforcement was still active.|
4344

44-
Use the **UserAccountControl** flag to manipulate user account profiles. For more information, see:
45+
Use the **UserAccountControl** (UAC) flag to manipulate user account profiles. For more information, see:
4546

4647
- [Windows Server troubleshooting](/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties) documentation.
4748
- [User Properties - Account Section](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd861342(v=ws.11))

0 commit comments

Comments
 (0)