Table of content - Informatics, Outsourcing IT and IT for ...



Table of content

1. General Information - Forest Summary
   a. General Information - Forest Sites
   b. General Information - Subnets
   c. General Information - Site Links
2. General Information - Domain ad.evotec.pl
   a. General Information - Domain Summary
   b. General Information - Domain Controllers
   c. General Information - Password Policies
   d. General Information - Fine-grained Password Policies
   e. General Information - Group Policies
   f. General Information - Group Policies Details
   g. General Information - DNS A/SRV Records
   h. General Information - Trusts
   i. General Information - Organizational Units
   j. General Information - Privileged Groups
   k. General Information - Domain Users in ad.evotec.xyz
      i. General Information - Users Count
      ii. General Information - Domain Administrators
      iii. General Information - Enterprise Administrators
   l. General Information - Computer Objects in ad.evotec.xyz
      i. General Information - Computers
      ii. General Information - Servers
      iii. General Information - Unknown Computers
   m. Domain Password Quality
      i. Password Quality - Passwords with Reversible Encryption
      ii. Password Quality - Passwords with LM Hash
      iii. Password Quality - Empty Passwords
      iv. Password Quality - Known passwords
      v. Password Quality - Default Computer Password
      vi. Password Quality - Password Not Required
      vii. Password Quality - Non expiring passwords
      viii. Password Quality - AES Keys Missing
      ix. Password Quality - Kerberos Pre-Auth Not Required
      x. Password Quality - Only DES Encryption Allowed
      xi. Password Quality - Delegatable to Service
      xii. Password Quality - Groups of Users With Same Password
      xiii. Password Quality - Leaked Passwords
      xiv. Password Quality - Statistics
3. General Information - Domain ad.evotec.xyz
   a. General Information - Domain Summary
   b. General Information - Domain Controllers
   c. General Information - Password Policies
   d. General Information - Fine-grained Password Policies
   e. General Information - Group Policies
   f. General Information - Group Policies Details
   g. General Information - DNS A/SRV Records
   h. General Information - Trusts
   i. General Information - Organizational Units
   j. General Information - Privileged Groups
   k. General Information - Domain Users in ad.evotec.xyz
      i. General Information - Users Count
      ii. General Information - Domain Administrators
      iii. General Information - Enterprise Administrators
   l. General Information - Computer Objects in ad.evotec.xyz
      i. General Information - Computers
      ii. General Information - Servers
      iii. General Information - Unknown Computers
   m. Domain Password Quality
      i. Password Quality - Passwords with Reversible Encryption
      ii. Password Quality - Passwords with LM Hash
      iii. Password Quality - Empty Passwords
      iv. Password Quality - Known passwords
      v. Password Quality - Default Computer Password
      vi. Password Quality - Password Not Required
      vii. Password Quality - Non expiring passwords
      viii. Password Quality - AES Keys Missing
      ix. Password Quality - Kerberos Pre-Auth Not Required
      x. Password Quality - Only DES Encryption Allowed
      xi. Password Quality - Delegatable to Service
      xii. Password Quality - Groups of Users With Same Password
      xiii. Password Quality - Leaked Passwords
      xiv. Password Quality - Statistics

This document provides low-level documentation of the Active Directory infrastructure in the Evotec organization. This document contains general data that has been exported from Active Directory and provides an overview of the whole environment.

General Information - Forest Summary

Active Directory at Evotec has a forest name .
Following table contains forest summary with important information:

| Forest Summary | |
|---|---|
| Name | ad.evotec.xyz |
| Root Domain | ad.evotec.xyz |
| Forest Distinguished Name | DC=ad,DC=evotec,DC=xyz |
| Forest Functional Level | Windows2012R2Forest |
| Domains Count | 2 |
| Sites Count | 4 |
| Domains | ad.evotec.xyz, ad.evotec.pl |
| Sites | KATOWICE-1, GLIWICE, KATOWICE-2, MIKOLOW |

Following table contains FSMO servers:

| FSMO Roles | |
|---|---|
| Domain Naming Master | AD1.ad.evotec.xyz |
| Schema Master | AD1.ad.evotec.xyz |

Following table contains optional forest features:

| Optional Features | |
|---|---|
| Recycle Bin Enabled | False |
| Privileged Access Management Feature Enabled | False |

Following UPN suffixes were created in this forest:

| UPN Suffixes | |
|---|---|
| ad.evotec.xyz | Primary / Default UPN |
| evotec.xyz | Secondary |
| evotec.pl | Secondary |

No SPN suffixes were created in this forest.

General Information - Forest Sites

Forest Sites list can be found below:

| Name | Description | Protected | Modified | Created |
|---|---|---|---|---|
| KATOWICE-1 | Main location | False | 07/30/2018 15:45:06 | 05/20/2018 09:55:23 |
| GLIWICE | Some description | False | 07/30/2018 15:44:34 | 07/21/2018 19:41:01 |
| KATOWICE-2 | | False | 07/21/2018 19:41:53 | 07/21/2018 19:41:14 |
| MIKOLOW | | False | 07/21/2018 19:41:36 | 07/21/2018 19:41:21 |

Forest Sites list can be found below:

| Name | Topology Cleanup Enabled | Topology Detect Stale Enabled | Topology Minimum Hops Enabled | Universal Group Caching Enabled |
|---|---|---|---|---|
| KATOWICE-1 | | | | |
| GLIWICE | | | | |
| KATOWICE-2 | | | | |
| MIKOLOW | | | | |

General Information - Subnets

Table below contains information regarding relation between Subnets and sites

| Name | Description | Protected | Modified | Created |
|---|---|---|---|---|
| 192.168.240.0/24 | | True | 07/30/2018 15:28:11 | 07/29/2018 20:40:45 |
| 192.168.241.0/24 | | False | 07/29/2018 20:41:00 | 07/29/2018 20:40:57 |
| 192.168.239.0/24 | This is my site | False | 07/30/2018 15:27:49 | 07/29/2018 23:13:33 |

Table below contains information regarding relation between Subnets and sites

| Name | Site |
|---|---|
| 192.168.240.0/24 | CN=KATOWICE-1,CN=Sites,CN=Configuration,DC=ad,DC=evotec,DC=xyz |
| 192.168.241.0/24 | CN=MIKOLOW,CN=Sites,CN=Configuration,DC=ad,DC=evotec,DC=xyz |
| 192.168.239.0/24 | CN=KATOWICE-1,CN=Sites,CN=Configuration,DC=ad,DC=evotec,DC=xyz |

General Information - Site Links

Forest Site Links information is available in table below

| Name | Cost | ReplicationFrequencyInMinutes | ReplInterval | ReplicationSchedule |
|---|---|---|---|---|
| DEFAULTIPSITELINK | 100 | 180 | 180 | |

General Information - Domain ad.evotec.pl

General Information - Domain Summary

Following domain exists within forest :

Domain DC=ad,DC=evotec,DC=xyz
Name for fully qualified domain name (FQDN): ad.evotec.xyz
Name for NetBIOS: EVOTEC

General Information - Domain Controllers

Following table contains domain controllers

| Name | Host Name | Operating System | Site | Ipv4 |
|---|---|---|---|---|
| AD2 | AD2.ad.evotec.xyz | Windows Server 2016 Standard | KATOWICE-1 | 192.168.240.192 |
| AD1 | AD1.ad.evotec.xyz | Windows Server 2016 Standard | KATOWICE-1 | 192.168.240.189 |

Following table contains FSMO servers with roles for domain ad.evotec.xyz

| FSMO Roles for ad.evotec.xyz | |
|---|---|
| PDC Emulator | AD1.ad.evotec.xyz |
| RID Master | AD1.ad.evotec.xyz |
| Infrastructure Master | AD1.ad.evotec.xyz |

General Information - Password Policies

Following table contains password policies for all users within ad.evotec.xyz

| Default Password Policy for ad.evotec.xyz | |
|---|---|
| Complexity Enabled | True |
| Lockout Duration | 00:30:00 |
| Lockout Observation Window | 00:30:00 |
| Lockout Threshold | 0 |
| Max Password Age | 42.00:00:00 |
| Min Password Length | 7 |
| Min Password Age | 1.00:00:00 |
| Password History Count | 24 |
| Reversible Encryption Enabled | False |
| Distinguished Name | DC=ad,DC=evotec,DC=xyz |

General Information - Fine-grained Password Policies

Following section should cover fine-grained password policies. There were no fine-grained password policies defined in ad.evotec.xyz.
There was no formal requirement to have them set up.

General Information - Group Policies

Following table contains group policies for ad.evotec.xyz

| Display Name | Gpo Status | Creation Time | Modification Time | Description |
|---|---|---|---|---|
| ALL \| Enable RDP | AllSettingsEnabled | 08/07/2018 12:47:44 | 08/07/2018 12:47:44 | |
| ALL \| PowerShell Settings | AllSettingsEnabled | 06/16/2018 12:19:39 | 06/16/2018 12:21:08 | |
| COMPUTERS \| Allow use of biometrics | AllSettingsEnabled | 05/20/2018 23:50:07 | 05/20/2018 23:51:22 | |
| Default Domain Policy | AllSettingsEnabled | 05/20/2018 09:55:29 | 05/20/2018 09:59:46 | |
| ALL \| Bitlocker Settings | AllSettingsEnabled | 08/07/2018 12:22:23 | 08/07/2018 12:24:04 | |
| DC \| Event Log Settings | AllSettingsEnabled | 05/20/2018 10:13:53 | 12/29/2018 19:31:32 | |
| DC \| Event Log Audit Rules | AllSettingsEnabled | 05/20/2018 10:14:09 | 04/29/2019 13:40:06 | |
| ALL \| Firewall Settings | AllSettingsEnabled | 08/07/2018 16:42:25 | 08/07/2018 16:46:16 | |
| COMPUTERS \| Enable Sets | AllSettingsEnabled | 06/11/2018 13:06:51 | 06/11/2018 13:07:16 | |
| Default Domain Controllers Policy | AllSettingsEnabled | 05/20/2018 09:55:29 | 08/05/2018 09:55:08 | |
| Users \| Synced Office 365 Users | AllSettingsEnabled | 11/19/2018 22:54:44 | 11/19/2018 23:54:44 | My comment |
| Test | AllSettingsEnabled | 12/27/2018 00:17:38 | 12/27/2018 01:17:38 | |

General Information - Group Policies Details

Following table contains group policies for ad.evotec.xyz

| Name | Links | Has Computer Settings | Has User Settings | User Enabled |
|---|---|---|---|---|
| ALL \| Enable RDP | ad.evotec.xyz | True | False | true |
| ALL \| PowerShell Settings | ad.evotec.xyz | True | True | true |
| COMPUTERS \| Allow use of biometrics | | True | False | true |
| Default Domain Policy | ad.evotec.xyz | True | False | true |
| ALL \| Bitlocker Settings | ad.evotec.xyz/Production/Computers ad.evotec.xyz/Production/Servers ad.evotec.xyz | True | False | true |
| DC \| Event Log Settings | ad.evotec.xyz/Domain Controllers | True | False | true |
| DC \| Event Log Audit Rules | ad.evotec.xyz/Domain Controllers | True | False | true |
| ALL \| Firewall Settings | ad.evotec.xyz | True | False | true |
| COMPUTERS \| Enable Sets | ad.evotec.xyz/Production/Computers ad.evotec.xyz | True | False | true |
| Default Domain Controllers Policy | ad.evotec.xyz/Domain Controllers | True | False | true |
| Users \| Synced Office 365 Users | ad.evotec.xyz/Production/Users-O365 | False | False | true |
| Test | | False | False | true |

General Information - DNS A/SRV Records

Following table contains SRV records for Kerberos and LDAP

| Target | NameTarget | Priority | Weight | Port |
|---|---|---|---|---|
| AD1.ad.evotec.xyz | AD1.ad.evotec.xyz | 0 | 100 | 88 |
| AD2.ad.evotec.xyz | AD2.ad.evotec.xyz | 0 | 100 | 88 |
| AD2.ad.evotec.xyz | AD2.ad.evotec.xyz | 0 | 100 | 389 |
| AD1.ad.evotec.xyz | AD1.ad.evotec.xyz | 0 | 100 | 389 |

Following table contains A records for Kerberos and LDAP

| Address | IPAddress | IP4Address | Name | Type |
|---|---|---|---|---|
| 192.168.240.189 | 192.168.240.189 | 192.168.240.189 | AD1.ad.evotec.xyz | A |
| 192.168.240.192 | 192.168.240.192 | 192.168.240.192 | AD2.ad.evotec.xyz | A |
| 192.168.240.192 | 192.168.240.192 | 192.168.240.192 | AD2.ad.evotec.xyz | A |
| 192.168.240.189 | 192.168.240.189 | 192.168.240.189 | AD1.ad.evotec.xyz | A |

General Information - Trusts

Following table contains trusts established with domains...

| Trust Source | Trust Target | Trust Direction | Trust Attributes | Trust Status |
|---|---|---|---|---|
| ad.evotec.xyz | ad.evotec.pl | BiDirectional | Within Forest | OK |

General Information - Organizational Units

Following table contains all OU's created in ad.evotec.xyz

| Canonical Name | Managed By | Manager Email | Protected | Description |
|---|---|---|---|---|
| ad.evotec.xyz/Domain Controllers | | | False | Default container for domain controllers |
| ad.evotec.xyz/Microsoft Exchange Security Groups | | | False | |
| ad.evotec.xyz/Production | | | True | |
| ad.evotec.xyz/Production/Computers | | | False | |
| ad.evotec.xyz/Production/Contacts | | | True | |
| ad.evotec.xyz/Production/Groups | | | True | |
| ad.evotec.xyz/Production/Groups/SecurityGroups | | | True | |
| ad.evotec.xyz/Production/Servers | | | True | |
| ad.evotec.xyz/Production/Users | | | True | |
| ad.evotec.xyz/Production/Users-O365 | | | True | OU for Synchronization of Users to Office 365 |
| ad.evotec.xyz/Production/Users-O365/Helllo | | | False | |
| ad.evotec.xyz/Production/Users-Offboarded | | | True | |

General Information - Privileged Groups

Following table contains list of privileged groups and count of the members in it.

| Group Name | Group Category | Group Scope | Group SID | High Privileged Group |
|---|---|---|---|---|
| Administrators | Security | DomainLocal | S-1-5-32-544 | True |
| Network Configuration Operators | Security | DomainLocal | S-1-5-32-556 | False |
| Event Log Readers | Security | DomainLocal | S-1-5-32-573 | False |
| Hyper-V Administrators | Security | DomainLocal | S-1-5-32-578 | False |
| Remote Management Users | Security | DomainLocal | S-1-5-32-580 | False |
| Incoming Forest Trust Builders | Security | DomainLocal | S-1-5-32-557 | False |
| Domain Admins | Security | Global | S-1-5-21-853615985-2870445339-3163598659-512 | True |
| Schema Admins | Security | Universal | S-1-5-21-853615985-2870445339-3163598659-518 | True |
| Group Policy Creator Owners | Security | Global | S-1-5-21-853615985-2870445339-3163598659-520 | False |
| Print Operators | Security | DomainLocal | S-1-5-32-550 | True |
| Replicator | Security | DomainLocal | S-1-5-32-552 | True |
| Server Operators | Security | DomainLocal | S-1-5-32-549 | True |
| Account Operators | Security | DomainLocal | S-1-5-32-548 | True |
| Backup Operators | Security | DomainLocal | S-1-5-32-551 | True |

General Information - Domain Users in ad.evotec.xyz

General Information - Users Count

Following table and chart show number of users in its categories

| Users Count | |
|---|---|
| Users Count Incl. System | 49 |
| Users Count | 0 |
| Users Expired | 0 |
| Users Expired Incl. Disabled | 0 |
| Users Never Expiring | 0 |
| Users Never Expiring Incl. Disabled | 0 |
| Users System Accounts | 0 |

General Information - Domain Administrators

Following users have highest privileges and are able to control a lot of Windows resources.

| Display Name | Name | User Principal Name | Sam Account Name | Email Address |
|---|---|---|---|---|
| Administrator | Administrator | Administrator@ad.evotec.xyz | Administrator | Administrator@ad.evotec.xyz |
| Administrator Przemysław Kłys | Administrator Przemysław Kłys | adm.pklys@ad.evotec.xyz | adm.pklys | |
| Przemysław Kłys | Przemysław Kłys | przemyslaw.klys@evotec.pl | przemyslaw.klys | przemyslaw.klys@evotec.pl |
| Temporary Admin | Temporary Admin | TemporaryAdmin@ad.evotec.xyz | TemporaryAdmin | |
| Service Task Scheduler | Service Task Scheduler | svcTaskScheduler@ad.evotec.xyz | svcTaskScheduler | |

General Information - Enterprise Administrators

Following users have highest privileges across Forest and are able to control a lot of Windows resources.

| Display Name | Name | User Principal Name | Sam Account Name | Email Address |
|---|---|---|---|---|
| Przemysław Kłys | Przemysław Kłys | przemyslaw.klys@evotec.pl | przemyslaw.klys | przemyslaw.klys@evotec.pl |
| Administrator | Administrator | Administrator@ad.evotec.xyz | Administrator | Administrator@ad.evotec.xyz |

General Information - Computer Objects in ad.evotec.xyz

General Information - Computers

Following table and chart show number of computers and their versions

| Computers Count | |
|---|---|
| Windows 10 Enterprise | 2 |
| Windows 10 Pro | 1 |
| Windows 10 Pro N Insider Preview | 1 |

General Information - Servers

Following table and chart show number of servers and their versions

| Servers Count | |
|---|---|
| Windows Server 2016 Standard | 6 |
| Windows Server 2012 R2 Standard Evaluation | 1 |
| Windows Server 2019 Standard Evaluation | 1 |

General Information - Unknown Computers

Following table and chart show number of unknown object computers in domain.

| Unknown Computers Count | |
|---|---|
| Unknown | 4 |

Domain Password Quality

This section provides an overview of the password quality used in ad.evotec.xyz.
One should review if all those potentially dangerous approaches to password quality should be left as is or addressed in one way or another.

Password Quality - Passwords with Reversible Encryption

Passwords of these accounts are stored using reversible encryption.

There are no accounts that have passwords stored using reversible encryption.

Password Quality - Passwords with LM Hash

LM hashes are the oldest password storage format used by Windows, dating back to the OS/2 system. Due to the limited charset allowed, they are fairly easy to crack. Following accounts are affected:

LM hashes are the oldest password storage format used by Windows, dating back to the OS/2 system. There were no accounts found that use LM Hashes.

Password Quality - Empty Passwords

Following accounts have no password set:

There are no accounts in ad.evotec.xyz that have no password set.

Password Quality - Known passwords

Passwords of these accounts have been found in given dictionary. It's highly recommended to notify those users and ask them to change their passwords asap!

There were no passwords found that match given dictionary.

Password Quality - Default Computer Password

These computer objects have their password set to default:

There were no accounts found that match default computer password criteria.

Password Quality - Password Not Required

These accounts are not required to have a password. For some accounts it may be perfectly acceptable but for some it may not. Those accounts should be reviewed and accepted or changed to proper security.

| Name | UserPrincipalName | Enabled | Password Last Changed | DaysToExpire |
|---|---|---|---|---|
| Test2 | | True | | |
| Test4 | | True | | |
| Test6 | | True | | |
| TestingDSInstall | | True | | |

Password Quality - Non expiring passwords

Following accounts have the do-not-expire password policy set on them.
Those accounts should be reviewed to decide whether allowing them to never expire is a good idea and an accepted risk.

There are no accounts in ad.evotec.xyz that never expire.

Password Quality - AES Keys Missing

Following accounts have their Kerberos AES keys missing

There are no accounts that have their Kerberos AES keys missing.

Password Quality - Kerberos Pre-Auth Not Required

Kerberos pre-authentication is not required for these accounts

There were no accounts found that do not require pre-authentication.

Password Quality - Only DES Encryption Allowed

Only DES encryption is allowed to be used with these accounts

There are no accounts that require only DES encryption.

Password Quality - Delegatable to Service

These accounts are allowed to be delegated to a service:

No accounts were found that are allowed to be delegated to a service.

Password Quality - Groups of Users With Same Password

Following groups of users have same passwords:

There are no 2 passwords that are the same in ad.evotec.xyz.

Password Quality - Leaked Passwords

Passwords of these accounts have been found in given HASH dictionary ().
It's highly recommended to notify those users and ask them to change their passwords asap!

There were no passwords found that match in given dictionary.

Password Quality - Statistics

Following table and chart show password statistics

| Password Quality - Statistics | |
|---|---|
| Clear Text Passwords | 0 |
| LM Hashes | 0 |
| Empty Passwords | 0 |
| Weak Passwords | 0 |
| Weak Passwords Enabled | 0 |
| Weak Passwords Disabled | 0 |
| Weak Passwords (HASH) | 0 |
| Weak Passwords (HASH) Enabled | 0 |
| Weak Passwords (HASH) Disabled | 0 |
| Default Computer Passwords | 0 |
| Password Not Required | 4 |
| Password Never Expires | 0 |
| AES Keys Missing | 0 |
| PreAuth Not Required | 0 |
| DES Encryption Only | 0 |
| Delegatable Admins | 0 |
| Duplicate Password Users | 0 |
| Duplicate Password Grouped | 0 |

General Information - Domain ad.evotec.xyz

General Information - Domain Summary

Following domain exists within forest :

Domain DC=ad,DC=evotec,DC=xyz
Name for fully qualified domain name (FQDN): ad.evotec.xyz
Name for NetBIOS: EVOTEC

General Information - Domain Controllers

Following table contains domain controllers

| Name | Host Name | Operating System | Site | Ipv4 |
|---|---|---|---|---|
| AD2 | AD2.ad.evotec.xyz | Windows Server 2016 Standard | KATOWICE-1 | 192.168.240.192 |
| AD1 | AD1.ad.evotec.xyz | Windows Server 2016 Standard | KATOWICE-1 | 192.168.240.189 |

Following table contains FSMO servers with roles for domain ad.evotec.xyz

| FSMO Roles for ad.evotec.xyz | |
|---|---|
| PDC Emulator | AD1.ad.evotec.xyz |
| RID Master | AD1.ad.evotec.xyz |
| Infrastructure Master | AD1.ad.evotec.xyz |

General Information - Password Policies

Following table contains password policies for all users within ad.evotec.xyz

| Default Password Policy for ad.evotec.xyz | |
|---|---|
| Complexity Enabled | True |
| Lockout Duration | 00:30:00 |
| Lockout Observation Window | 00:30:00 |
| Lockout Threshold | 0 |
| Max Password Age | 42.00:00:00 |
| Min Password Length | 7 |
| Min Password Age | 1.00:00:00 |
| Password History Count | 24 |
| Reversible Encryption Enabled | False |
| Distinguished Name | DC=ad,DC=evotec,DC=xyz |

General Information - Fine-grained Password Policies

Following section should cover fine-grained password policies. There were no fine-grained password policies defined in ad.evotec.xyz.
There was no formal requirement to have them set up.

General Information - Group Policies

Following table contains group policies for ad.evotec.xyz

| Display Name | Gpo Status | Creation Time | Modification Time | Description |
|---|---|---|---|---|
| ALL \| Enable RDP | AllSettingsEnabled | 08/07/2018 12:47:44 | 08/07/2018 12:47:44 | |
| ALL \| PowerShell Settings | AllSettingsEnabled | 06/16/2018 12:19:39 | 06/16/2018 12:21:08 | |
| COMPUTERS \| Allow use of biometrics | AllSettingsEnabled | 05/20/2018 23:50:07 | 05/20/2018 23:51:22 | |
| Default Domain Policy | AllSettingsEnabled | 05/20/2018 09:55:29 | 05/20/2018 09:59:46 | |
| ALL \| Bitlocker Settings | AllSettingsEnabled | 08/07/2018 12:22:23 | 08/07/2018 12:24:04 | |
| DC \| Event Log Settings | AllSettingsEnabled | 05/20/2018 10:13:53 | 12/29/2018 19:31:32 | |
| DC \| Event Log Audit Rules | AllSettingsEnabled | 05/20/2018 10:14:09 | 04/29/2019 13:40:06 | |
| ALL \| Firewall Settings | AllSettingsEnabled | 08/07/2018 16:42:25 | 08/07/2018 16:46:16 | |
| COMPUTERS \| Enable Sets | AllSettingsEnabled | 06/11/2018 13:06:51 | 06/11/2018 13:07:16 | |
| Default Domain Controllers Policy | AllSettingsEnabled | 05/20/2018 09:55:29 | 08/05/2018 09:55:08 | |
| Users \| Synced Office 365 Users | AllSettingsEnabled | 11/19/2018 22:54:44 | 11/19/2018 23:54:44 | My comment |
| Test | AllSettingsEnabled | 12/27/2018 00:17:38 | 12/27/2018 01:17:38 | |

General Information - Group Policies Details

Following table contains group policies for ad.evotec.xyz

| Name | Links | Has Computer Settings | Has User Settings | User Enabled |
|---|---|---|---|---|
| ALL \| Enable RDP | ad.evotec.xyz | True | False | true |
| ALL \| PowerShell Settings | ad.evotec.xyz | True | True | true |
| COMPUTERS \| Allow use of biometrics | | True | False | true |
| Default Domain Policy | ad.evotec.xyz | True | False | true |
| ALL \| Bitlocker Settings | ad.evotec.xyz/Production/Computers ad.evotec.xyz/Production/Servers ad.evotec.xyz | True | False | true |
| DC \| Event Log Settings | ad.evotec.xyz/Domain Controllers | True | False | true |
| DC \| Event Log Audit Rules | ad.evotec.xyz/Domain Controllers | True | False | true |
| ALL \| Firewall Settings | ad.evotec.xyz | True | False | true |
| COMPUTERS \| Enable Sets | ad.evotec.xyz/Production/Computers ad.evotec.xyz | True | False | true |
| Default Domain Controllers Policy | ad.evotec.xyz/Domain Controllers | True | False | true |
| Users \| Synced Office 365 Users | ad.evotec.xyz/Production/Users-O365 | False | False | true |
| Test | | False | False | true |

General Information - DNS A/SRV Records

Following table contains SRV records for Kerberos and LDAP

| Target | NameTarget | Priority | Weight | Port |
|---|---|---|---|---|
| AD1.ad.evotec.xyz | AD1.ad.evotec.xyz | 0 | 100 | 88 |
| AD2.ad.evotec.xyz | AD2.ad.evotec.xyz | 0 | 100 | 88 |
| AD2.ad.evotec.xyz | AD2.ad.evotec.xyz | 0 | 100 | 389 |
| AD1.ad.evotec.xyz | AD1.ad.evotec.xyz | 0 | 100 | 389 |

Following table contains A records for Kerberos and LDAP

| Address | IPAddress | IP4Address | Name | Type |
|---|---|---|---|---|
| 192.168.240.189 | 192.168.240.189 | 192.168.240.189 | AD1.ad.evotec.xyz | A |
| 192.168.240.192 | 192.168.240.192 | 192.168.240.192 | AD2.ad.evotec.xyz | A |
| 192.168.240.192 | 192.168.240.192 | 192.168.240.192 | AD2.ad.evotec.xyz | A |
| 192.168.240.189 | 192.168.240.189 | 192.168.240.189 | AD1.ad.evotec.xyz | A |

General Information - Trusts

Following table contains trusts established with domains...

| Trust Source | Trust Target | Trust Direction | Trust Attributes | Trust Status |
|---|---|---|---|---|
| ad.evotec.xyz | ad.evotec.pl | BiDirectional | Within Forest | OK |

General Information - Organizational Units

Following table contains all OU's created in ad.evotec.xyz

| Canonical Name | Managed By | Manager Email | Protected | Description |
|---|---|---|---|---|
| ad.evotec.xyz/Domain Controllers | | | False | Default container for domain controllers |
| ad.evotec.xyz/Microsoft Exchange Security Groups | | | False | |
| ad.evotec.xyz/Production | | | True | |
| ad.evotec.xyz/Production/Computers | | | False | |
| ad.evotec.xyz/Production/Contacts | | | True | |
| ad.evotec.xyz/Production/Groups | | | True | |
| ad.evotec.xyz/Production/Groups/SecurityGroups | | | True | |
| ad.evotec.xyz/Production/Servers | | | True | |
| ad.evotec.xyz/Production/Users | | | True | |
| ad.evotec.xyz/Production/Users-O365 | | | True | OU for Synchronization of Users to Office 365 |
| ad.evotec.xyz/Production/Users-O365/Helllo | | | False | |
| ad.evotec.xyz/Production/Users-Offboarded | | | True | |

General Information - Privileged Groups

Following table contains list of privileged groups and count of the members in it.

| Group Name | Group Category | Group Scope | Group SID | High Privileged Group |
|---|---|---|---|---|
| Administrators | Security | DomainLocal | S-1-5-32-544 | True |
| Network Configuration Operators | Security | DomainLocal | S-1-5-32-556 | False |
| Event Log Readers | Security | DomainLocal | S-1-5-32-573 | False |
| Hyper-V Administrators | Security | DomainLocal | S-1-5-32-578 | False |
| Remote Management Users | Security | DomainLocal | S-1-5-32-580 | False |
| Incoming Forest Trust Builders | Security | DomainLocal | S-1-5-32-557 | False |
| Domain Admins | Security | Global | S-1-5-21-853615985-2870445339-3163598659-512 | True |
| Schema Admins | Security | Universal | S-1-5-21-853615985-2870445339-3163598659-518 | True |
| Group Policy Creator Owners | Security | Global | S-1-5-21-853615985-2870445339-3163598659-520 | False |
| Print Operators | Security | DomainLocal | S-1-5-32-550 | True |
| Replicator | Security | DomainLocal | S-1-5-32-552 | True |
| Server Operators | Security | DomainLocal | S-1-5-32-549 | True |
| Account Operators | Security | DomainLocal | S-1-5-32-548 | True |
| Backup Operators | Security | DomainLocal | S-1-5-32-551 | True |

General Information - Domain Users in ad.evotec.xyz

General Information - Users Count

Following table and chart show number of users in its categories

| Users Count | |
|---|---|
| Users Count Incl. System | 49 |
| Users Count | 0 |
| Users Expired | 0 |
| Users Expired Incl. Disabled | 0 |
| Users Never Expiring | 0 |
| Users Never Expiring Incl. Disabled | 0 |
| Users System Accounts | 0 |

General Information - Domain Administrators

Following users have highest privileges and are able to control a lot of Windows resources.

| Display Name | Name | User Principal Name | Sam Account Name | Email Address |
|---|---|---|---|---|
| Administrator | Administrator | Administrator@ad.evotec.xyz | Administrator | Administrator@ad.evotec.xyz |
| Administrator Przemysław Kłys | Administrator Przemysław Kłys | adm.pklys@ad.evotec.xyz | adm.pklys | |
| Przemysław Kłys | Przemysław Kłys | przemyslaw.klys@evotec.pl | przemyslaw.klys | przemyslaw.klys@evotec.pl |
| Temporary Admin | Temporary Admin | TemporaryAdmin@ad.evotec.xyz | TemporaryAdmin | |
| Service Task Scheduler | Service Task Scheduler | svcTaskScheduler@ad.evotec.xyz | svcTaskScheduler | |

General Information - Enterprise Administrators

Following users have highest privileges across Forest and are able to control a lot of Windows resources.

| Display Name | Name | User Principal Name | Sam Account Name | Email Address |
|---|---|---|---|---|
| Przemysław Kłys | Przemysław Kłys | przemyslaw.klys@evotec.pl | przemyslaw.klys | przemyslaw.klys@evotec.pl |
| Administrator | Administrator | Administrator@ad.evotec.xyz | Administrator | Administrator@ad.evotec.xyz |

General Information - Computer Objects in ad.evotec.xyz

General Information - Computers

Following table and chart show number of computers and their versions

| Computers Count | |
|---|---|
| Windows 10 Enterprise | 2 |
| Windows 10 Pro | 1 |
| Windows 10 Pro N Insider Preview | 1 |

General Information - Servers

Following table and chart show number of servers and their versions

| Servers Count | |
|---|---|
| Windows Server 2016 Standard | 6 |
| Windows Server 2012 R2 Standard Evaluation | 1 |
| Windows Server 2019 Standard Evaluation | 1 |

General Information - Unknown Computers

Following table and chart show number of unknown object computers in domain.

| Unknown Computers Count | |
|---|---|
| Unknown | 4 |

Domain Password Quality

This section provides an overview of the password quality used in ad.evotec.xyz.
One should review if all those potentially dangerous approaches to password quality should be left as is or addressed in one way or another.

Password Quality - Passwords with Reversible Encryption

Passwords of these accounts are stored using reversible encryption.

There are no accounts that have passwords stored using reversible encryption.

Password Quality - Passwords with LM Hash

LM hashes are the oldest password storage format used by Windows, dating back to the OS/2 system. Due to the limited charset allowed, they are fairly easy to crack. Following accounts are affected:

LM hashes are the oldest password storage format used by Windows, dating back to the OS/2 system. There were no accounts found that use LM Hashes.

Password Quality - Empty Passwords

Following accounts have no password set:

There are no accounts in ad.evotec.xyz that have no password set.

Password Quality - Known passwords

Passwords of these accounts have been found in given dictionary. It's highly recommended to notify those users and ask them to change their passwords asap!

There were no passwords found that match given dictionary.

Password Quality - Default Computer Password

These computer objects have their password set to default:

There were no accounts found that match default computer password criteria.

Password Quality - Password Not Required

These accounts are not required to have a password. For some accounts it may be perfectly acceptable but for some it may not. Those accounts should be reviewed and accepted or changed to proper security.

| Name | UserPrincipalName | Enabled | Password Last Changed | DaysToExpire |
|---|---|---|---|---|
| Test2 | | True | | |
| Test4 | | True | | |
| Test6 | | True | | |
| TestingDSInstall | | True | | |

Password Quality - Non expiring passwords

Following accounts have the do-not-expire password policy set on them.
Those accounts should be reviewed to decide whether allowing them to never expire is a good idea and an accepted risk.

There are no accounts in ad.evotec.xyz that never expire.

Password Quality - AES Keys Missing

Following accounts have their Kerberos AES keys missing

There are no accounts that have their Kerberos AES keys missing.

Password Quality - Kerberos Pre-Auth Not Required

Kerberos pre-authentication is not required for these accounts

There were no accounts found that do not require pre-authentication.

Password Quality - Only DES Encryption Allowed

Only DES encryption is allowed to be used with these accounts

There are no accounts that require only DES encryption.

Password Quality - Delegatable to Service

These accounts are allowed to be delegated to a service:

No accounts were found that are allowed to be delegated to a service.

Password Quality - Groups of Users With Same Password

Following groups of users have same passwords:

There are no 2 passwords that are the same in ad.evotec.xyz.

Password Quality - Leaked Passwords

Passwords of these accounts have been found in given HASH dictionary (). It's highly recommended to notify those users and ask them to change their passwords asap!

There were no passwords found that match in given dictionary.

Password Quality - Statistics

Following table and chart show password statistics

| Password Quality - Statistics | |
|---|---|
| Clear Text Passwords | 0 |
| LM Hashes | 0 |
| Empty Passwords | 0 |
| Weak Passwords | 0 |
| Weak Passwords Enabled | 0 |
| Weak Passwords Disabled | 0 |
| Weak Passwords (HASH) | 0 |
| Weak Passwords (HASH) Enabled | 0 |
| Weak Passwords (HASH) Disabled | 0 |
| Default Computer Passwords | 0 |
| Password Not Required | 4 |
| Password Never Expires | 0 |
| AES Keys Missing | 0 |
| PreAuth Not Required | 0 |
| DES Encryption Only | 0 |
| Delegatable Admins | 0 |
| Duplicate Password Users | 0 |
| Duplicate Password Grouped | 0 |