1-800-264-9029|602-266-8500
  • Course Schedule
    • Microsoft Training
      • Windows 10
      • Microsoft 365
      • Windows Server 2019
      • Windows Server 2016
      • Windows Server 2012
      • SQL Server
      • Power BI
      • Azure
      • Data Engineering / Machine Learning
      • Artificial Intelligence (AI)
      • Teams
      • Office 365
      • Exchange Server
      • PowerShell
      • System Center
      • SharePoint
      • IIS
      • Skype for Business
      • BizTalk Server
    • Cloud Computing
      • Azure
      • Amazon Cloud (AWS)
    • Developer Training
      • Web Development
      • .NET Development and Visual Studio
      • Docker Kubernetes
      • Java Programming
      • Python
      • Team Foundation Server
    • Cisco Training
      • Cisco CCNA Routing & Switching
      • Cisco CCNP – HD Telepresence
      • Cisco Training – HD TelePresence
    • CompTIA Certification
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
    • Business Training
      • Project Management
      • ITIL
      • NIST
      • COBIT
      • Business Analysis
      • Agile
    • IT Security Training
      • CISSP / CEH / PKI / Security
      • NIST
    • Wireless / Wireshark Training
      • Wireless Networking
      • Wireshark
    • Red Hat
      • Red Hat – Linux
      • Red Hat – DevOps
    • Other Training
      • DevOps
      • VMware
      • NetApp
      • F5 Networks
      • Salesforce
      • Citrix
  • Subscription Schedule
  • RemoteLive™
  • Replay™
  • Video Courses
  • Blogs
    • Tech Blogs
    • Tech Videos
  • About
    • Instructors
    • Interface Gold™ Benefits
    • TechPaks
    • Our Video Training Timeline
    • Training Room Rental
    • Onsite Training
    • Contact

Group Policy Preferences Could Allow for Elevation of Privilege

Home > Blogs > Windows Server 2012 > Group Policy Preferences Could Allow for Elevation of Privilege

Group Policy Preferences Could Allow for Elevation of Privilege

Like This Blog 0 Rick Trader
Added by Rick Trader November 18, 2015

If you are using GPO Preferences to distribute passwords across your domain, you could be allowing a hacker to be able to retrieve those passwords. Passwords are stored as part of the GPO and can be retrieved and decrypted by an attacker. These passwords are stored in the GPO as the CPassword attribute.

For instructor-led Windows Server 2012 Training, see our class schedule.

The following Group Policy Preferences allowed an administrator to distribute passwords:

  • Map Drives
  • Local Users and Groups
  • Scheduled Tasks
  • Services and
  • Data Sources

This vulnerability is fully explained in Microsoft Security Bulleting MS14-025. The link to the article is Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486). To prevent an administrator from inadvertently setting a password with GPO Preferences apply the updates linked in the article.

Once the updates are applied when an administrator opens one of the preferences mentioned above the following dialog box will appear.

001-Group-Policy-Preferences-Security-Warning-Windows-Server

If an administrator clicks into the User Account field or Password field in the preference the following dialog box will appear.

002-Group-Policy-Preferences-Security-CPPassword-Windows-Server

For more information on CPasswords check out the following article, MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege.

If administrators have been deploying passwords with GPO Preferences there is a PowerShell Script included in the above article to help locate those GPOs.

User names and passwords can still be configured using PowerShell scripts when this situation is required.

Until next time, RIDE SAFE!

Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ

Subscribe to this author's posts feed via RSS

You May Also Like

  • How to clone a Windows Server 2012 or 2012 R2 Domain ControllerHow to clone a Windows Server 2012 or 2012 R2 Domain…
  • How to Reset a Windows Client Secure Channel Password - VideoHow to Reset a Windows Client Secure Channel…
  • Subnetting a TCP/IP Network using the Magic Box MethodSubnetting a TCP/IP Network using the Magic Box Method
  • Cisco IOS - The Difference Between Login and Login LocalCisco IOS - The Difference Between Login and Login Local
Category Windows Server 2012

Tags

CPassword, CPO, Group Policy Preferences, Group Policy Vulnerability, Hacked Group Policy, Microsoft Security Bulleting, User Account field

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

Creating Users and Managing Passwords in Microsoft Office 365

0 642 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1480 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 606 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

Share your thoughts... Cancel reply

Please fill out the comment form below to post a reply.

ITIL 4 Promotion

Blogs by Technology

  • Amazon AWS (2)
  • Azure Cloud Computing (2)
  • Business Analysis (8)
  • Cisco (125)
  • CompTIA (71)
  • Developer Visual Studio / ASP.NET (62)
  • Exchange Server (47)
  • ITIL / COBIT (33)
  • Lync Server (3)
  • Office 365 (5)
  • PMP Project Management (63)
  • PowerShell (81)
  • Security (47)
  • SharePoint (93)
  • SQL Server (78)
  • System Center (13)
  • Web Development (60)
  • Windows 10 (65)
  • Windows 7 (124)
  • Windows 8 (85)
  • Windows Server (74)
  • Windows Server 2012 (90)
  • Windows Server 2016 (14)
  • Wireless (9)
  • Wireshark (5)

Blogs by Instructor

  • Dan Wahlin (44)
  • Don Jones (15)
  • Dr. Avril Salter (6)
  • Greg Richard (1)
  • Interface (49)
  • Jason Helmick (38)
  • Jeff Jones (18)
  • Jeremy Cioara (8)
  • Mark Jacob (125)
  • Mark Thomas (28)
  • Mike Danseglio (93)
  • Mike Pfeiffer (35)
  • Peter Avila (32)
  • Rick Trader (127)
  • Spike Xavier (86)
  • Steve Fullmer (163)
  • Suzanne Van Hove (1)

Blogs You May Like

  • How to Configure Navigation in SharePoint Publishing Sites
  • Using Navigation Controls in a Collaboration Site in SharePoint
  • Forensic Investigation of Malware – What’s going on Behind the Scenes
  • ECMAScript 6 (ES6) – The Future Look of JavaScript for C# Developers
  • JavaScript for C# Developers – Differences between JavaScript Dynamic Syntax and C#
  • JavaScript for C# Developers – Key concepts of C# and JavaScript Syntax

Video Courses

  • ITIL 4 Foundation Certification Video Training Course
  • Project Management Professional (PMP®) Certification Video Training PMBOK® 6th Edition
  • PMI-PBA Business Analysis for IT Analysts and Project Managers (PMI-PBA)® Certification
  • SharePoint Designer 2013 for American Express
  • CompTIA Network+ (Coming Soon!)
  • CompTIA Security+ (Coming Soon!)
  • CompTIA A+ Certification Core 1 1001 (Coming Soon)
  • CompTIA A+ Certification Core 2 1002 (Coming Soon)

Live Training Courses

  • NET+007: CompTIA Network+ Certification Training + N10- 007 Exam
  • PowerShell - 10961: Automating Administration with Windows PowerShell
  • ITIL4® Foundation Certification Course with Exam
  • AZ-100: Azure Infrastructure and Deployment Training
  • PMI-PBA: Business Analysis for IT Analysts and Project Managers (PMI-PBA Certification)
  • Cisco CCNA - ICND1v3 Interconnecting Cisco Networking Devices CCNA Part 1
  • COBIT205: COBIT® 5 Foundation and Implementation IT Governance Training
  • DEV415: Microservices with ASP.NET Core and Docker
  • IT Security - SEC+501: CompTIA Security+ with Certification Exam SY0-501
  • SQL Server - SQL101: Introduction to Transact SQL
Facebook
Twitter
Linked In
Comment
EMAIL

Stay in touch with social!

Sign-up for weekly email updates!

  • This field is for validation purposes and should be left unchanged.

About Us

  • Interface Gold™ Benefits
  • TechPaks
  • Training Room Rental
  • Onsite Training

Contact Us

3110 N Central Ave
Suite 160
Phoenix, AZ 85012

602-266-8500

State of Arizona Contract # ADSPO18-210228

Copyright © 2020 Interface Technical Training. All Rights Reserved.

Live Training Terms and ConditionsTerms of UsePrivacy PolicyWIOA Policy

We are OPEN! All live classes 100% available with RemoteLive!Learn More
+ +