win10-AD-hardening.md 455 B
title: Windows Active Directory Hardening categories: [checklists]
tags: [windows, hardening, AD]
Windows Active Directory Hardening
NTLM Hardening
- Enforce SMB Signing to prevents simple NTLM relaying attacks
- Block NTLMv1 (can be set via GPO)
- Enforce LDAP/S Signing to prevent NTLM relay in LDAP
- Enforce EPA (to prevent NTLM relay on Web Servers)
Credential hardening
- Disable LM hashes via GPO noLMHash