Plaintext Password Extraction Through Group Policy Preferences

How to mitigate Plaintext Password Extraction

Group Policy Preferences allow administrators to create and manage local accounts on servers and workstations in an Active Directory (AD) domain. Attackers can easily find and obtain the encrypted passwords of administrative account credentials managed by Group Policy Preferences and decrypt them using the Microsoft-published AES key.

    Request A Free Trial


    Stealthbits’ Plaintext Password Extraction Through Group Policy Preferences Solution

    Stealthbits’ products provide a multitude of ways to mitigate Plaintext Policy Extraction.

    Mitigate Plaintext Password Extraction Through Group Policy Preferences

    The best protection from Group Policy Preference abuse is to remove any passwords from GPPs.

    APPROACH

    Identify & Remove GPP Passwords

    DESCRIPTION

    Report on any group policy preferences which leverage cPassword fields that contain password data which can be decrypted. Remove the dependency on these and migrate to a more secure way to accomplish the task of that GPP setting.

    PRODUCT: StealthAUDIT

    DOWNLOAD OUR COMPLETE ATTACK-TO-PRODUCT MAPPING GUIDE

    RESOURCES

    © 2022 Stealthbits Technologies, Inc.