Active Directory • GPO • Security Engineering
Enterprise AD Hardening & Automation
Windows Server 2022 • GPO • LAPS • CIS Benchmarks
Implemented a comprehensive security baseline for a Windows Domain environment, focusing on credential protection and automated policy enforcement.
Architecture & Components
Core components
- —Windows Server (Domain Controller)
- —Active Directory Users & Computers
- —Group Policy Management Editor
- —LAPS (Local Administrator Password Solution)
Challenges & Engineering Decisions
Legacy Protocol Interference
Problem
LLMNR and NBT-NS were enabled by default, posing a spoofing risk.
Solution
Identified and disabled protocols via GPO and verified via packet capture.
Outcome
- —Eliminated common lateral movement vectors
- —Reduced internal spoofing attack surface
Reflection
This project demonstrated the power of centralized management for securing enterprise scale infrastructure.