(07)專案管理 » 01_外部專案

N bookmark2025052801463337292181788 "Use of ""Pre-Windows 2000 Compatible Access"" group

" "The “Pre-Windows 2000 Compatible Access” group allows its members read access to all user and computer objects in Active Directory, which can expose sensitive information. If an attacker gains membership in this group, they can exploit these permissions to gather valuable data and potentially elevate their privileges, compromising the security of the entire network.

" "Remove ""Anonymous Logon"" from the ""Pre-Windows 2000 Compatible Access"" group.

The Builtin\Pre-Windows 2000 Compatible Access group was originally designed to ensure backward compatibility for systems that predate Windows 2000 (Windows NT 4.0). It is imperative that this group exclusively encompass Authenticated Users (S-1-5-11). ADCS servers are automatically added to this group upon installation. Review any other membership to ensure that there is a business purpose of maintaining the membership. Should it not be necessary anymore, consider removing the membership."