search for: acl_modifi

Hi again, Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann: > Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: > Hi, Mathias and all > thank you for your answer. > > > Hi all, > > > > SPN = servicePrincipalName > > > > A simple search returning all servicePrincipalName declared in your AD: > > ldbsearch -H $sam

Hi Mathias and all. Am Donnerstag, 24. März 2016, 13:26:12 CEST schrieb mathias dufresne: > Hi, > > I'm glad that helped you : ) > > About SPN, I found that link few days ago: > https://adsecurity.org/?page_id=183 > It tries to list the string values available usable for SPN. > > And it gives also that link: >

Hi, I'm glad that helped you : ) About SPN, I found that link few days ago: https://adsecurity.org/?page_id=183 It tries to list the string values available usable for SPN. And it gives also that link: http://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx That one is a technet paper to explain SPNs. I tried to read it but

I'm not an expert, especially when it comes to servicePrincipalName which I haven't understood until now but I think it is safe to give an object the right to modify itself. If securing is one of your main concern, you could try to remove the possibility to that account to modify itself, once the servicePrincipalName is created. Doing that SPN should NOT be removed (no right to remove it)

Hi all, SPN = servicePrincipalName A simple search returning all servicePrincipalName declared in your AD: ldbsearch -H $sam serviceprincipalname=* serviceprincipalname An extract from result concerning a lambda client: # record 41 dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/MB38W746-0009 servicePrincipalName: HOST/MB38W746-0009.ad.domain.tld