AD Starter scan VA issue

Anonymous
2024-09-24T12:49:35+00:00

Hi Team,

We have scanned the AD servers with a Tenable scan, which reported the VA as AD Starter Scan (plugin ID 150480) on all 24 AD servers. Could you please suggest what changes can be made to resolve the VA?

Please share your suggestions; that will help us to find and resolve the VA.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

Accepted answer
  1. Anonymous
    2024-09-24T13:33:33+00:00

    Hello S Siva1,

    Thank you for posting in Microsoft Community forum.

    It sounds like you're dealing with a specific vulnerability identified by Tenable on your Active Directory (AD) servers. While I don't have direct access to Tenable's database of plugins, here is some general advice on how to address vulnerabilities on AD servers based on common practices.

    1. Review the Scan Report:

    First, carefully review the details provided by Tenable for plugin ID 150480. The report should contain specific information regarding the nature of the vulnerability, affected components, and perhaps even remediation steps.

    2. Patch Management:

    Ensure that your AD servers are up-to-date with the latest patches and updates from Microsoft. Vulnerabilities are often addressed by applying the latest security patches.

    3. Configuration Changes:

    Secure LDAP (LDAPS): If the vulnerability is related to LDAP, consider configuring your AD servers to require LDAPS for secure communication.

    Group Policies: Review and, if necessary, tighten your Group Policy settings to enforce stronger security settings.

    Administrative Permissions: Limit admin permissions to only those who absolutely need them and ensure that accounts with administrative access follow best practices for password complexity and multi-factor authentication.

    4. Firewall and Network Settings:

    Ensure that your AD servers are protected by properly configured firewalls, and limit access to these servers to only necessary systems and users.

    5. Auditing and Monitoring:

    Implement and regularly review auditing and monitoring on your AD servers to detect and respond to suspicious activities quickly.

    6. Disable Unused Services:

    Disable any unnecessary services and features that might be increasing your attack surface.

    7. Backup:

    Regularly back up your AD servers to ensure you can recover quickly in case of a security breach or other failure.

    For a more specific solution, you would need to look at the detailed information provided by Tenable.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou


2 additional answers

  1. Anonymous
    2024-09-26T04:18:26+00:00

    Hi Daisy Zhou,

    Thanks for the suggestion. We have checked the report and found the objectives affected.
    The AD Starter Scan - Primary Group ID Integrity VA is reported, and it seems the current ID is 6604.
    The solution suggested by Tenable is to change the group ID to the default one, but we are not sure which group has the ID 6604 or how to find and change it.

    Could you please help with this?

    We have found one user account; that account shows the primary ID integrity as 6604 and needs to be changed to the default.

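For the follow-up above asking which group ID 6604 refers to: the following is an added example, not part of the original thread or of Tenable's guidance, that resolves a `primaryGroupID` value to its group and lists user accounts with a non-default value. It assumes the RSAT ActiveDirectory module is installed and that Domain Users (RID 513) is the intended default for the account; `Reset-PrimaryGroupToDefault` is a hypothetical helper name.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$Rid = 6604   # primary group ID reported for the flagged account in this thread

# Well-known RIDs of the groups AD assigns as primary group by default.
$DefaultRids = @{
    513 = 'Domain Users'
    514 = 'Domain Guests'
    515 = 'Domain Computers'
    516 = 'Domain Controllers'
    521 = 'Read-only Domain Controllers'
}

# primaryGroupID stores only a RID; the group's full SID is <domain SID>-<RID>.
$DomainSid = (Get-ADDomain).DomainSID.Value
try {
    Get-ADGroup -Identity "$DomainSid-$Rid" -Properties whenCreated, Description -ErrorAction Stop |
        Select-Object Name, SamAccountName, SID, GroupScope, whenCreated, Description
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    Write-Warning "No group with SID $DomainSid-$Rid exists in this domain."
}

# Every user whose primary group is not one of the defaults above.
Get-ADUser -Filter * -Properties primaryGroupID |
    Where-Object { -not $DefaultRids.ContainsKey([int]$_.primaryGroupID) } |
    Select-Object SamAccountName, Enabled, primaryGroupID, DistinguishedName

# Hypothetical helper: set one account's primary group back to Domain Users (513).
# AD only accepts a primary group the account already belongs to, so add it first.
function Reset-PrimaryGroupToDefault {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user   = Get-ADUser -Identity $SamAccountName -Properties memberOf, primaryGroupID
    $target = Get-ADGroup -Identity "$DomainSid-513"
    if ($user.primaryGroupID -eq 513) { return }
    if ($user.memberOf -notcontains $target.DistinguishedName) {
        Add-ADGroupMember -Identity $target -Members $user
    }
    Set-ADUser -Identity $user -Replace @{ primaryGroupID = 513 }
}
# Preview only: Reset-PrimaryGroupToDefault -SamAccountName '<flagged-account>' -WhatIf
```

The warning branch matters for triage: a `primaryGroupID` that resolves to no group in the domain is a different finding from one that points at a real but non-default group.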
  2. Anonymous
    2024-09-26T07:12:50+00:00

    Hello

    Good day!

    Where did you see that the account shows the primary ID integrity as 6604? In ADUC on the domain controller?

    Would you please provide a screenshot of it?

    Best Regards,
    Daisy Zhou
