Group Policy Preferences Could Allow for Elevation of Privilege
If you are using GPO Preferences to distribute passwords across your domain, you could be allowing a hacker to be able to retrieve those passwords. Passwords are stored as part of the GPO and can be retrieved and decrypted by an attacker. These passwords are stored in the GPO as the CPassword attribute.
For instructor-led Windows Server 2012 Training, see our class schedule.
The following Group Policy Preferences allowed an administrator to distribute passwords:
- Map Drives
- Local Users and Groups
- Scheduled Tasks
- Services and
- Data Sources
This vulnerability is fully explained in Microsoft Security Bulleting MS14-025. The link to the article is Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486). To prevent an administrator from inadvertently setting a password with GPO Preferences apply the updates linked in the article.
Once the updates are applied when an administrator opens one of the preferences mentioned above the following dialog box will appear.
If an administrator clicks into the User Account field or Password field in the preference the following dialog box will appear.
For more information on CPasswords check out the following article, MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege.
If administrators have been deploying passwords with GPO Preferences there is a PowerShell Script included in the above article to help locate those GPOs.
User names and passwords can still be configured using PowerShell scripts when this situation is required.
Until next time, RIDE SAFE!
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ
Creating Users and Managing Passwords in Microsoft Office 365
In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365. For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365
Windows 10 Managing, Deploying and Configuring – December 2, 2015
In this recorded Windows 10 training webinar from December 2, 2015, Windows Server instructor Rick Trader presents the deployment and management of Windows 10 Enterprise and the new Provisioning capability in Windows 10. Learn how to manage Windows 10 deployments using System Center Configuration Manager, Mobile Device Management and Intune. Also included in his presentation … Continue reading Windows 10 Managing, Deploying and Configuring – December 2, 2015
Windows 10 Features and Navigation – December 1, 2015
In this recorded Windows 10 webinar from December 1,2015, Windows Instructor Steve Fullmer presents the navigation and some of the new features associated with Windows 10 including Sysinternals Tools for Windows Client, Windows core concepts, exploring Process Explorer as well as some of the features that are not yet ready for prime time but will … Continue reading Windows 10 Features and Navigation – December 1, 2015
Write a Comment
