How to Use Purple Knight for AD Assessment Without Causing Issues?

Asked By TechyCat123 On

Hey everyone! I'm about to assess my client's Active Directory using Purple Knight for the first time, but I'm running into some challenges. The documentation is quite sparse and doesn't really address all my questions. The Active Directory team is really concerned about the tool crashing our infrastructure, even though most sources suggest it doesn't generate much traffic.

They want us to conduct the assessment on a pre-production domain controller, but I'm unsure if I can specify which DC to scan with Purple Knight. I tried entering the specific DC name in the AD environment field, but it just reverts to the domain name. Is there a way to target a specific DC, perhaps by changing the LOGONSERVER variable on the machine with the tool? Any insights would be hugely appreciated, as I'm feeling a bit stuck right now!

5 Answers

Answered By PingCastleFan95 On

I haven’t used Purple Knight in a while since I usually go for PingCastle, but I believe you can specify a DC through command line options. Also, what do you mean by ‘pre-prod’? Is that a staging environment?

Answered By SafetyFirst101 On

You don’t need to worry about Purple Knight crashing your AD. It’s been tested in all sorts of environments, and it's designed with safe options enabled by default. If you want to restrict it to a specific DC, consider controlling access through your network setup.

Answered By NetworkGuru77 On

Purple Knight’s default settings are safe, and only a few options could be risky, but they're not enabled unless you choose them explicitly. Your AD team might want to look into that.

Answered By ServerNinja88 On

If your team is really worried, one option is to install the tool on a DC and then run it in a controlled environment like VMware Workstation with no network access. That way, you can see how it impacts the server without affecting the wider network. Better safe than sorry, right?

Answered By ADWizard42 On

I've used Purple Knight in various environments with no issues. If a non-privileged user can crash your infrastructure just by running this tool, then there’s a bigger issue at hand since they could easily do the same with PowerShell. Just saying!

TechyCat123 -

Exactly! It sounds like there's a deeper security concern here.
