Midude2000
Newcomer II

Windows AD Trust review

Hello:
I wanted some quick education on important Windows AD trust terminology for an AD trust relationships audit.

I have researched online but I can’t seem to find good business-level (the why behind the what) explanations.

Specifically: what is meant by the following flag values?
SID Filtering Forestaware = false (or true)
SID Filtering Quarantine = false (or true)

What is the significance of these flags, why so, what could go wrong if set one way vs. the other, and what are the best practice security settings for them?
2 Replies
dcontesti
Community Champion

Both flags are related to Trust relationships in AD.

 

It is very difficult to say what can go right/wrong without a full understanding of the environment. What trusts are set up? What does the forest look like? Are these flags being used internally, externally, or both?

 

Microsoft TechNet has a wealth of knowledge on these flags and others. Here is one link:

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc...

 

SID filtering quarantining is typically used to prevent attackers who have compromised a domain controller in a trusted domain from using the SID history attribute to grant themselves unauthorized rights.

 

Others?

 

d
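For the audit itself, the two flags in the question can be read per trust and judged by trust type. This is an added example, not part of either reply: it assumes the RSAT ActiveDirectory module's `Get-ADTrust` output properties, the function name `Get-TrustSidFilteringFinding` is hypothetical, and the sample trusts are constructed.

```powershell
# Added example: classify each trust by the two SID-filtering flags from the question.
function Get-TrustSidFilteringFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Trust
    )
    process {
        $finding = if ($Trust.IntraForest) {
            # Domains in one forest share a security boundary; quarantine is not expected here.
            if ($Trust.SIDFilteringQuarantined) { 'REVIEW: quarantine set on an intra-forest trust' }
            else { 'OK: intra-forest trust, no quarantine expected' }
        }
        elseif ($Trust.ForestTransitive) {
            # Forest trust: ForestAware = True relaxes filtering so SID history is honoured.
            if ($Trust.SIDFilteringForestAware) { 'RISK: SID history accepted across forest trust' }
            else { 'OK: forest-trust SID filtering in effect' }
        }
        else {
            # External trust: Quarantined = False means SIDs from other domains in SID history are accepted.
            if ($Trust.SIDFilteringQuarantined) { 'OK: quarantine enabled' }
            else { 'RISK: quarantine disabled on external trust' }
        }
        [pscustomobject]@{
            Name        = $Trust.Name
            Direction   = $Trust.Direction
            Quarantined = [bool]$Trust.SIDFilteringQuarantined
            ForestAware = [bool]$Trust.SIDFilteringForestAware
            Finding     = $finding
        }
    }
}

# Constructed sample trusts (not real data) so the logic can be checked without a domain.
$sample = @(
    [pscustomobject]@{ Name='partner.example'; Direction='Outbound'; IntraForest=$false
                       ForestTransitive=$false; SIDFilteringQuarantined=$false; SIDFilteringForestAware=$false }
    [pscustomobject]@{ Name='vendor.example';  Direction='Outbound'; IntraForest=$false
                       ForestTransitive=$false; SIDFilteringQuarantined=$true;  SIDFilteringForestAware=$false }
    [pscustomobject]@{ Name='merger.example';  Direction='BiDirectional'; IntraForest=$false
                       ForestTransitive=$true;  SIDFilteringQuarantined=$false; SIDFilteringForestAware=$true }
    [pscustomobject]@{ Name='child.corp.example'; Direction='BiDirectional'; IntraForest=$true
                       ForestTransitive=$false; SIDFilteringQuarantined=$false; SIDFilteringForestAware=$false }
)
$sample | Get-TrustSidFilteringFinding | Format-Table -AutoSize

# On a domain-joined host with the ActiveDirectory module loaded:
# Get-ADTrust -Filter * | Get-TrustSidFilteringFinding | Format-Table -AutoSize
```

Any RISK row is a trust where SID history from the other side is accepted, which is normally a temporary migration setting and should have a documented owner and end date.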

 

 

Caute_cautim
Community Champion

@Midude2000 @dcontesti Personally, I would check with the Center for Internet Security (CIS), https://www.cisecurity.org/. They have a range of guidance, baselines and tools which help you review the current environment.

 

There are a bunch of free baselines for Microsoft Windows Servers, Desktop, etc. Have a look through those baselines and register; there are some very good guidelines you can use for reviews, and even some tools to check against those baselines as well.

 

An example of an updated baseline or benchmark is:

 

https://www.cisecurity.org/insights/blog/update-cis-microsoft-windows-10-enterprise-release-1703-ben...

 

 

Regards

 

Caute_Cautim