I'm trying to address a security vulnerability identified during a Ping Castle audit. Specifically, I want to know how to patch the A-LAPS-Joined-Computers issue in Active Directory. Should I handle this through PowerShell or by adjusting ACLs? Also, I'm curious if this vulnerability is particularly dangerous. If possible, could anyone share a screenshot or tutorial on where the remediation is done? Thanks!
2 Answers
If you check the PingCastle directory, there should be a file named ad_hc_rules_list.html. Use the search function to find A-LAPS-Joined-Computers. It should detail what you need to know.
In essence, this may occur if non-admins joined the computers to the domain or if you've granted non-admins permission to read attributes. For the first scenario, it might be necessary to rejoin those computers using an admin account since the responsible attribute is read-only, at least if I remember correctly.
You should check if they provided you with a specific CVE. If they did, looking it up can reveal some detailed remediation guidelines related to that vulnerability.
Here’s a link to the PingCastle documentation: https://www.pingcastle.com/PingCastleFiles/ad_hc_rules_list.html. Just keep in mind that this issue isn't tied to a CVE; it generally concerns configuration issues with users adding their own computers to the domain.
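To make the two answers above concrete, here is an added PowerShell example (not code from the thread, from PingCastle, or from Microsoft) that enumerates the computer objects a non-admin user joined and shows who currently owns each object, which is what exposes the LAPS password to that user. It assumes the RSAT ActiveDirectory module is installed, that the join record the first answer calls "read-only" is the mS-DS-CreatorSID attribute (my assumption; the thread does not name it), and that "Domain Admins" is an acceptable owner in your domain. The `-Fix` switch is the ACL route the question asks about; it resets the owner so the original joiner loses the implicit rights of an object owner. The attribute itself stays populated, so if the scanner keys on it, the finding clears only after the rejoin the first answer describes.

```powershell
<#
  Added example, not part of the original thread or PingCastle.
  Lists computers that carry a creator SID (joined by someone other than a
  privileged account) and, with -Fix, hands the object to a chosen owner.
  Assumed: ActiveDirectory RSAT module; mS-DS-CreatorSID is the join record.
#>
param(
    [switch]$Fix,
    # Assumed acceptable owner; adjust for your domain.
    [string]$NewOwner = "$env:USERDOMAIN\Domain Admins"
)

Import-Module ActiveDirectory

# Only computer objects with a creator SID are of interest. When an admin
# joins a machine the attribute is left empty, so this filter is the
# detection step.
$computers = Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' `
    -Properties 'mS-DS-CreatorSID', nTSecurityDescriptor

$report = foreach ($c in $computers) {
    # The attribute is stored as a raw SID byte array; decode and resolve it.
    $sid = New-Object System.Security.Principal.SecurityIdentifier($c.'mS-DS-CreatorSID', 0)
    try {
        $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $creator = $sid.Value   # account deleted or untranslatable: keep the SID
    }
    [pscustomobject]@{
        Computer = $c.Name
        DN       = $c.DistinguishedName
        Creator  = $creator
        Owner    = $c.nTSecurityDescriptor.Owner
    }
}

# Owner equal to Creator is the exposure: an owner can change the DACL and
# grant itself read on the LAPS password attribute.
$report | Format-Table Computer, Creator, Owner -AutoSize

if ($Fix) {
    foreach ($r in $report) {
        $path = "AD:\$($r.DN)"
        $acl  = Get-Acl -Path $path
        $acl.SetOwner([System.Security.Principal.NTAccount]$NewOwner)
        Set-Acl -Path $path -AclObject $acl
        Write-Host "Owner of $($r.Computer) set to $NewOwner"
    }
}
```

Run it first without `-Fix` from an account that can read nTSecurityDescriptor on computer objects; compare the Creator and Owner columns, and only then rerun with `-Fix` (the owner change needs WRITE_OWNER, which Domain Admins have by default). Rerunning PingCastle afterwards tells you whether ownership alone satisfied the rule or whether the rejoin is still required.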

Thanks a lot! That's pretty much what I found in the Ping Castle recommendations, but I wasn't entirely clear on it.