IT: Free IT Support Training (Active Directory, Support, AD Attacks)
Introduction to Active Directory and Try Hack Me
In this section, the speaker introduces the topic of Active Directory and mentions that he will also cover vulnerabilities in Active Directory. He also talks about Try Hack Me and a specific lab environment that can be used to practice what he will discuss.
Understanding Active Directory
- Active Directory is a set of services that connect users with network resources they need to get their work done.
- A workgroup computer is not joined to a domain, while computers joined to a domain are managed through Active Directory.
- Active Directory is like a phone book where all information about computers, security groups, user accounts, printers, OUs and policies is stored.
Help Desk Support for Active Directory
- Help desk support should understand account creation, password reset, unlocking accounts and fixing issues when a computer falls off the domain.
Basic Concepts in Active Directory
In this section, the speaker goes over some basic concepts in Active Directory such as Group Policy Objects (GPO), Organizational Units (OU), Domain Controllers (DC), Sites and Services.
Group Policy Objects (GPO)
- GPO is used to configure settings for users and computers in an organization.
- It allows administrators to enforce security settings on all machines within an OU or site.
Organizational Units (OU)
- OUs are containers within domains that allow administrators to group objects together for easier management.
- They can be used to apply GPO settings or delegate administrative control over certain objects.
Domain Controllers (DC)
- DC is responsible for authenticating users and computers in a domain.
- It stores the Active Directory database and replicates changes to other DCs in the same domain.
Sites and Services
- Sites are physical locations with one or more DCs that replicate data between each other.
- Services are used to configure replication, authentication, and other network services.
Conclusion
In this section, the speaker concludes by summarizing what was covered in the video. He also encourages viewers to practice what they learned on Try Hack Me.
Summary
- Active Directory is a set of services that connect users with network resources they need to get their work done.
- Help desk support should understand account creation, password reset, unlocking accounts and fixing issues when a computer falls off the domain.
- Basic concepts in Active Directory include GPO, OU, DC, Sites and Services.
- Viewers can practice what they learned on Try Hack Me.
Understanding Lockouts and Security Groups
In this section, the speaker discusses lockouts and security groups. They explain how users can get locked out of their accounts due to various reasons such as changing passwords or using multiple devices. The speaker also talks about the importance of security groups in granting access to specific resources.
Lockouts
- Users can get locked out of their accounts due to various reasons such as changing passwords or using multiple devices.
- It's important to ask users if they changed their password on all devices to avoid getting locked out.
- Users may forget their passwords or have expired passwords which can cause login issues.
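To find which device keeps locking an account out, the lockout events on a domain controller can be grouped by user and source computer. The PowerShell below is an added example, not something shown in the video; it assumes Security event ID 4740 records whose first two properties are the locked-out account and the caller computer, and the function names and sample records are constructed.

```powershell
# Added example: group account-lockout events (Security log, Event ID 4740)
# by locked-out user and by the computer that submitted the bad passwords.
function Get-LockoutSource {
    param([Parameter(Mandatory, ValueFromPipeline)] [object]$Record)
    begin { $rows = @() }
    process {
        # Assumed 4740 layout: Properties[0] = locked-out account,
        # Properties[1] = caller computer name (can be empty).
        $caller = [string]$Record.Properties[1].Value
        if ([string]::IsNullOrWhiteSpace($caller)) { $caller = '(not recorded)' }
        $rows += [pscustomobject]@{
            Time   = $Record.TimeCreated
            User   = [string]$Record.Properties[0].Value
            Caller = $caller
        }
    }
    end {
        $rows | Group-Object User, Caller | ForEach-Object {
            [pscustomobject]@{
                User        = $_.Group[0].User
                Caller      = $_.Group[0].Caller
                Lockouts    = $_.Count
                LastLockout = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
            }
        } | Sort-Object Lockouts -Descending
    }
}

# Constructed sample records shaped like Get-WinEvent output (all names made up).
function New-SampleRecord($Time, $User, $Caller) {
    [pscustomobject]@{
        TimeCreated = [datetime]$Time
        Properties  = @([pscustomobject]@{ Value = $User }, [pscustomobject]@{ Value = $Caller })
    }
}
$sample = @(
    New-SampleRecord '2024-03-04 08:01' 'jdoe'   'PHONE-JDOE'
    New-SampleRecord '2024-03-04 08:33' 'jdoe'   'PHONE-JDOE'
    New-SampleRecord '2024-03-04 09:10' 'jdoe'   'LAPTOP-017'
    New-SampleRecord '2024-03-04 09:45' 'asmith' ''
)
$sample | Get-LockoutSource | Format-Table -AutoSize

# Live use on a domain controller, from an elevated session:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } | Get-LockoutSource
```

A caller that shows up repeatedly for one user is the device to check first for a stale saved password.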
Security Groups
- Security groups are used to grant access to specific resources based on the permissions set by the system administrator.
- Examples of resources that can be granted access through security groups include Cisco AnyConnect, multi-factor authentication (MFA), and specific folders.
- Understanding how NTFS share file access works is important in a server environment where folders are shared on the server rather than individual machines.
Share File Access and User Credentials
In this section, the speaker discusses share file access and user credentials. They explain how sharing files on a Windows 10 machine is not done in a work environment but rather on a server. The speaker also talks about user credentials and how they can be stored in Windows Credentials Manager.
Share File Access
- Sharing files on a Windows 10 machine is not done in a work environment but rather on a server where folders are shared with limited access.
- Understanding NTFS share file access is important for managing permissions and access to shared resources.
User Credentials
- User credentials can be stored in Windows Credentials Manager and can cause login issues if the password is outdated or incorrect.
- It's important to check Windows Credentials Manager when troubleshooting login issues.
IT Support: Understanding the Basics
In this section, the speaker discusses the importance of understanding how to troubleshoot third-party applications and the basics of operating systems. They also cover networking concepts such as static and dynamic IP addresses, workgroups, domains, and common command line tools.
Troubleshooting Third-Party Applications
- It is important to understand how to troubleshoot third-party applications when helping a client or customer.
- Basic knowledge of operating systems is necessary for tasks such as building images or computers for clients.
Networking Concepts
- Understanding the difference between workgroup and domain-joined workstations is important.
- Knowing how to differentiate between static and dynamic IP addresses is crucial in networking.
Command Line Tools
- Knowledge of command line tools is essential for IT support professionals.
- Common commands include ipconfig, ping, net user, gpupdate /force, dsa.msc, netplwiz, services.msc, mstsc.exe and whoami.
Adding Computers to a Domain
- Understanding how to add a computer to a domain is an important skill for IT support professionals.
Local Accounts on Windows Operating Systems
- Knowing how to log in with local accounts on Windows 10/11 operating systems is important.
Useful Command Line Tools
In this section, the speaker provides a list of useful command line tools that can be used by IT support professionals.
List of Useful Commands
- net user
  - Used for managing user accounts
- net user username /domain
  - Used for retrieving user account information
- gpupdate /force
  - Used for forcing a group policy update on a computer
- dsa.msc
  - Opens Active Directory Users and Computers
- netplwiz
  - Goes into uninstall/reinstall programs in control panel
- services.msc
  - Used for managing Windows services
- mstsc.exe
  - Used for remote desktop connections
- win/mac printer list
  - Provides a brief list of printers available on the network.
- whoami
  - Shows which user account you are running as in the command line.
Helpful Commands for IT Support
In this section, the speaker discusses several helpful commands for IT support and explains their functions.
ipconfig
- Use ipconfig to find the IP address of a device and get more information about it, such as the default gateway and DHCP server.
- If DHCP is enabled, the IP address will change over time.
ping
- Use ping to check if a website is online.
- You can also ping an IP address directly.
- To continuously ping a website or IP address, use ping -t.
- To stop pinging, press Ctrl+C.
whoami
- Use whoami to see who is currently logged in on a computer.
- Use net accounts to get more information about password policies.
Task Manager and netstat
- Open Task Manager with Taskmgr.
- Use netstat to get information about TCP connections.
CD (Change Directory)
- Use CD to change directories in the command line.
Navigating Directories in Command Line
In this section, the speaker explains how to navigate directories in the command line using various commands.
CD (Change Directory)
- Use CD followed by a directory name to move into that directory.
- Use CD .. to move up one level in the directory tree.
- Use CD / to move to the root directory.
DIR (Directory)
- Use DIR to list all files and directories in the current directory.
- Use DIR /A:D to list only directories in the current directory.
MD (Make Directory) and RD (Remove Directory)
- Use MD followed by a directory name to create a new directory.
- Use RD followed by a directory name to remove a directory.
Introduction to Ping
In this section, the speaker explains what ping is and how it can be used to verify if a device is online or offline.
What is Ping?
- Ping verifies if something's online or offline.
- It can be used to troubleshoot desktops, PCs, servers, etc.
- You can ping a domain controller, server or desktop depending on the company.
Continuous Ping
- A continuous ping is useful when you want to make sure that a computer is online after rebooting it.
- If you see no reply for some time but then an IP address appears, it means the computer is back online.
- This technique can be used when working with customers and clients.
Importance of Active Directory Basics
In this section, the speaker emphasizes the importance of understanding Active Directory basics for red team training and security purposes.
Active Directory Basics
- Understanding Active Directory basics is important groundwork for topics such as breaching Active Directory, exploiting Active Directory, and credentials harvesting.
- The speaker recommends checking out Try Hack Me's Red Team training section on Active Directory.
Understanding the Importance of Active Directory Account Security
In this section, the speaker discusses the importance of securing Active Directory accounts and highlights some common attacks that target these accounts.
The KRBTGT Account
- The KRBTGT account controls authentication rights and is often targeted by hackers.
- Microsoft recommends resetting this account regularly to prevent unauthorized access.
- Attackers commonly use Golden Ticket attacks to exploit this account and gain access to sensitive information.
Securing Active Directory Accounts
- It is important to harden Active Directory to prevent attacks on sensitive accounts.
- Resetting passwords, disabling/enabling accounts, and setting login hours are all important steps in securing Active Directory accounts.
Additional Tips for Securing Active Directory
- Use third-party tools like 701 or CrowdStrike to further secure your environment.
- Be aware of common attacks like Mimikatz and Silver Ticket attacks that target service accounts.
Overall, it is crucial to understand the importance of securing Active Directory accounts, especially those that control authentication rights like the KRBTGT account. Regularly resetting passwords and using third-party tools can help prevent unauthorized access and protect sensitive information from attackers.
Login Hours and Account Settings
This section covers the login hours and account settings in Active Directory.
Login Hours
- Login hours determine when a user can log in to the domain controller.
- To set login hours, highlight the whole thing, log into "not login deny," and then turn it off for specific times.
- For example, if you turn off login on Saturday, users won't be able to log in at all that day.
Account Settings
- Account settings include security groups, job titles, departments, managers, and more.
- You can disable an account or make it sensitive.
- You can also require education or make a user change their password at next login.
- Password expiration dates can be set to expire accounts on a specific date.
Modifying Account Expiration Dates
This section covers how to modify account expiration dates in Active Directory.
Changing Expiration Dates
- To change an account's expiration date, go to the profile tab and modify the date under "account expires."
- Once modified, the user will not be able to log in after that date.
- To check when an account expires using CMD prompt: type "net user amigo /domain" followed by "password expire."
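The KRBTGT password-reset advice and the account settings above (disabled state, expiration date, login hours) can be reviewed together in one pass. The PowerShell below is an added example, not something shown in the video; the function name, the 180-day threshold and the sample accounts are assumptions, and the property names are those returned by Get-ADUser.

```powershell
# Added example: flag hygiene issues on account objects shaped like the output of
# Get-ADUser -Properties PasswordLastSet,PasswordNeverExpires,AccountExpirationDate,logonHours
function Test-AccountHygiene {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object]$Account,
        [int]$MaxPasswordAgeDays = 180,   # assumed threshold; set it to your policy
        [datetime]$Now = (Get-Date)
    )
    process {
        $findings = @()
        $age = $null
        if ($Account.PasswordLastSet) {
            $age = [int][math]::Floor(($Now - $Account.PasswordLastSet).TotalDays)
            if ($age -gt $MaxPasswordAgeDays) { $findings += "password is $age days old" }
        }
        if ($Account.Enabled -and $Account.PasswordNeverExpires) {
            $findings += 'password never expires'
        }
        if ($Account.Enabled -and $Account.AccountExpirationDate -and
            $Account.AccountExpirationDate -lt $Now) {
            $findings += 'expired but not disabled'
        }
        [pscustomobject]@{
            Account         = $Account.SamAccountName
            Enabled         = [bool]$Account.Enabled
            PasswordAgeDays = $age
            HasLogonHours   = $null -ne $Account.logonHours   # a login-hours restriction is set
            Findings        = $findings -join '; '
        }
    }
}

# Constructed sample accounts (names and dates are made up).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'krbtgt'; Enabled = $false; PasswordLastSet = [datetime]'2019-06-01'
                       PasswordNeverExpires = $false; AccountExpirationDate = $null; logonHours = $null }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true; PasswordLastSet = [datetime]'2023-12-01'
                       PasswordNeverExpires = $true; AccountExpirationDate = $null; logonHours = $null }
    [pscustomobject]@{ SamAccountName = 'contractor1'; Enabled = $true; PasswordLastSet = [datetime]'2024-01-15'
                       PasswordNeverExpires = $false; AccountExpirationDate = [datetime]'2024-02-01'
                       logonHours = [byte[]](,0xFF * 21) }
)
$sample | Test-AccountHygiene -Now ([datetime]'2024-03-04') | Format-Table -AutoSize

# Live use with the ActiveDirectory module:
# Get-ADUser -Identity krbtgt -Properties PasswordLastSet,PasswordNeverExpires,AccountExpirationDate,logonHours | Test-AccountHygiene
```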
Conclusion
This section concludes the lesson on Active Directory.
Final Thoughts
- Active Directory has many features that can be overwhelming but are useful for managing accounts.
- The lesson covered login hours and account settings as well as modifying account expiration dates.