Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Midude2000
Newcomer II
‎07-23-2022 05:26 PM
‎07-23-2022 05:26 PM

Windows AD Trust review

Hello:
I wanted some quick education on important windows AD Trust terminology for an AD trust relationships audit.

I have researched online but I can’t seem to find good business level (the why behind the what) explanations

Specifically; What is meant by the following flag values
SID Filtering Forestaware = false (or true)
SID Filtering Quarintine = false (or true).

what is the significance of these flags, why so, what could go wrong if set one way vs. the other and best practice security settings for them
Reply
0 Kudos
2 Replies
dcontesti
Community Champion
‎07-24-2022 07:10 AM
‎07-24-2022 07:10 AM

Both flags are related to Trust relationships in AD.

 

It is very difficult to say what can go right/wrong without full understanding of the environment.  What trusts are set up?  What does the forrest look like?  Are these flags being used Internally/externally/ both?

 

Microsoft Technet has a wealth of knowledge on these flags and others.  Here is one link:

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc...

 

SID filtering quarantining is typically used to prevent  attackers that have compromised a domain controller in a trusted domain to use the SID history attribute to grant themselves unauthorized rights.

 

Others?

 

d

 

 

Reply
0 Kudos
Caute_cautim
Community Champion
‎07-24-2022 08:32 PM
‎07-24-2022 08:32 PM

@Midude2000 @dcontesti Personally I would check with the Center for Internet Security (CIS) https://www.cisecurity.org/ they have a range of guidance and baselines and tools, which help you review the current environment. 

 

There is a bunch of free baselines for Microsoft Windows Servers, Desktop etc have a look through those baselines, and register, there is some very good guidelines you can use for reviews and even some tools to check those baselines against as well.

 

An example of an updated baseline or benchmark is:

 

https://www.cisecurity.org/insights/blog/update-cis-microsoft-windows-10-enterprise-release-1703-ben...

 

 

Regards

 

Caute_Cautim

Reply