Hello all. I am stumped on a Windows Active Directory domain issue related to a previous audit. Wondering if anyone has some theories on whether the below is possible.
Objective is to identify domain hosts which authenticate on one protocol (e.g., Kerberos) and begin a session on a different protocol (e.g., NTLMv2). Here's an example:
- Enter my domain credentials to log into my workstation via Kerberos from the domain controller.
- Launch "myapp.exe" and the session is negotiated via NTLMv2.
- NTLMv2 can be literally anything other than Kerberos.
It is easy enough to identify the hosts by authentication protocol. It is not so easy to holistically identify the hosts with differences in session protocols post-auth.
The overall business goal is to identify and document any legacy applications which cannot handle the forthcoming mandate to use Kerberos in every situation (refusing NTLMv2). Any pointers appreciated.
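One way to get at the "authenticated with Kerberos, but something on the box still negotiates NTLM" picture is to correlate successful logon events (4624) per source host and flag hosts that show both authentication packages. The script below is an added example for this thread, not the poster's own tooling. It assumes logon auditing is enabled, that the account running it can read the Security log on the target, and that `$ComputerName` and `$Days` are the only inputs; the column names come from the standard 4624 event schema (`AuthenticationPackageName`, `LmPackageName`, `WorkstationName`, `LogonType`).

```powershell
# Added example, not from the original post. Assumes Security log auditing for
# logon events is on and the caller can read it on the target machine.
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # assumption: the application server (or DC) to query
    [int]$Days = 7                                # assumption: look-back window
)

$start = (Get-Date).AddDays(-$Days)

# 4624 = successful logon. Network logons (type 3) are where application sessions
# appear; interactive (2) and RDP (10) logons are kept so the initial Kerberos
# workstation logon is visible alongside any later NTLM session from the same host.
$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = $start
} -ErrorAction Stop

# Flatten each event's EventData into a row: who, from where, and which package.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = "$($d.TargetDomainName)\$($d.TargetUserName)"
        Host        = if ($d.WorkstationName) { $d.WorkstationName } else { $d.IpAddress }
        LogonType   = $d.LogonType
        AuthPackage = $d.AuthenticationPackageName   # 'Kerberos' or 'NTLM' after negotiation
        LmPackage   = $d.LmPackageName               # 'NTLM V2' / 'NTLM V1' for NTLM, '-' for Kerberos
    }
}

# Drop machine accounts and rows with no usable source host to cut noise.
$rows = $rows | Where-Object { $_.User -notmatch '\$$' -and $_.Host -and $_.Host -ne '-' }

# Per source host: which packages were seen. A host with BOTH Kerberos and NTLM
# logons is the case the question describes: it can do Kerberos, yet something
# running on it still negotiates NTLM (the candidate legacy application).
$summary = $rows | Group-Object Host | ForEach-Object {
    $pk = $_.Group.AuthPackage | Sort-Object -Unique
    [pscustomobject]@{
        Host      = $_.Name
        Kerberos  = ($pk -contains 'Kerberos')
        NTLM      = ($pk -contains 'NTLM')
        NtlmV1    = (($_.Group.LmPackage | Sort-Object -Unique) -contains 'NTLM V1')
        NtlmUsers = ($_.Group | Where-Object AuthPackage -eq 'NTLM' |
                     Select-Object -ExpandProperty User -Unique) -join ', '
        MixedAuth = ($pk -contains 'Kerberos') -and ($pk -contains 'NTLM')
    }
}

# Hosts that authenticate with Kerberos but also fall back to NTLM.
$summary | Where-Object MixedAuth | Sort-Object Host | Format-Table -AutoSize
```

Two caveats on where to run it. The NTLM fallback for an application session is logged on the server the application talks to, not on the workstation and not necessarily on the domain controller, so point `$ComputerName` at each application server (or loop over the list) to see which client hosts and users arrive over NTLM. For a domain-wide view without touching every server, the domain controllers' 4776 (credential validation) events record NTLM pass-through with the source workstation, and the "Network security: Restrict NTLM: Audit NTLM authentication in this domain" policy writes per-request entries to the Microsoft-Windows-NTLM/Operational log; either can be fed into the same group-by-host logic to build the inventory of applications that will break once NTLM is refused.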