Active Directory Security Review

Active Directory Security Review

Microsoft Active Directory is a key resource, holding the central store of user accounts and providing the means to harden your workstations and servers through Group Policies.
37% of breaches feature stolen or misused user accounts, so the first part of our Active Directory review is to identify if user accounts and passwords are being managed well in the organisation.

The second part of our Active Directory reviews establishes whether good security policies are enforced on devices and servers. This is one of the five technical controls recommended by the National Cyber Security Centre’s in their Cyber Essentials guidance for Small to Medium sized businesses.

We will perform the following tests:


    1. Verify the presence of Anti-Virus/Anti-malware
    2. Verify patch-levels
    3. Check for the presence of unnecessary or default services
    4. Identify user or machine accounts that:
      a. are using weak passwords in the NCSC Top 100k passwords list
      b. have not been used for long periods, and therefore may indicate staff who have left
      c. have elevated privileges
    5. Manually review Group Policies against best practices from Microsoft


Before we start any testing, we’ll agree on a formal testing Scope document with you. In this, we’ll agree on the Active Directory servers and domains that are in scope and how we will access those. In order to perform our tests we’ll need you to provide access to the servers, for example via VPN and appropriate credentials to view the Active Directory configuration.