Secure Bits
Still allowing mapped network drives with alternate credentials?
You might be exposing passwords, especially for privileged accounts.
When users map network drives using "Connect using different credentials", those credentials are cached on the machine, and they end up in LSASS memory.
If it's an admin account, that's a serious security problem.
This behavior is default and often forgotten, even though it opens the door to credential theft.
GPO fix:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Network access: Do not allow storage of passwords and credentials for network authentication
Note: This setting affects Windows Credential Manager: drive mappings that rely on stored credentials stop working, as do scheduled tasks with credentials, …, so test before deploying widely.
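A read-only check to run on a test machine before rolling the setting out, added here as an example and not part of the original post. It assumes the policy is stored as the DisableDomainCreds value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa and that cmdkey prints English labels; the function names are hypothetical.

```powershell
# Added example: pre-deployment audit for the GPO setting above.
# Reads state only; changes nothing on the machine.

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-DomainCredsPolicy {
    # DisableDomainCreds = 1 means the policy is Enabled (storage blocked).
    # A missing value or 0 means credentials can still be stored.
    $value = (Get-ItemProperty -Path $lsaKey -Name DisableDomainCreds `
                  -ErrorAction SilentlyContinue).DisableDomainCreds
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        RawValue       = $value
        StorageBlocked = ($value -eq 1)
    }
}

function Get-StoredNetworkCredential {
    # Credential Manager entries of the CURRENT user only.
    # Assumption: English cmdkey output ("Target:" / "User:" labels).
    $target = $null
    foreach ($line in (cmdkey /list)) {
        if ($line -match '^\s*Target:\s*(.+)$') {
            $target = $Matches[1].Trim()
        }
        elseif ($line -match '^\s*User:\s*(.+)$' -and $target) {
            [pscustomobject]@{ Target = $target; User = $Matches[1].Trim() }
            $target = $null
        }
    }
}

function Get-PasswordScheduledTask {
    # Scheduled tasks whose principal logs on with a stored password;
    # these are the tasks to retest once the policy is enabled.
    Get-ScheduledTask |
        Where-Object { $_.Principal.LogonType -eq 'Password' } |
        Select-Object TaskPath, TaskName,
            @{ Name = 'RunAs'; Expression = { $_.Principal.UserId } }
}

Get-DomainCredsPolicy       | Format-List
Get-StoredNetworkCredential | Format-Table -AutoSize
Get-PasswordScheduledTask   | Format-Table -AutoSize
```

Stored credentials are per user, so run the cmdkey part in the session of each account that maps drives with alternate credentials.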
I provide more details about this topic in my Windows Infrastructure Security course:
https://horizon-secured.com/courses/windows-infrastructure-security
When these credentials are cached in LSASS, they should be protected by Credential Guard, but it is always good to have this multi-layer approach.
Do you allow mapped drives for admins in your environment?
