How to set up the Active Directory scan?

Who can configure the Active Directory scan?

Any endpoint connected to Active Directory can run the script; it does not need to be executed from an administrator account. The script can be run on a machine connected to AD or directly on AD.

Activating the Active Directory Scan

The installation of the tool involves 3 steps:

  1. Go to the "Active Directory" tab in your Stoïk Protect platform.
  2. Download the script.
  3. Execute it in a PowerShell console. During execution, the PingCastle and BloodHound tools will be downloaded.

The audit results highlight potential vulnerabilities, classified into 4 levels: low, medium, high, and critical. When the scan detects a flaw, the remediation steps needed to resolve it are indicated.

For the scan to activate successfully, check that:

  • Active Directory is local.
  • The machine is connected to the Internet.
  • The machine is connected to AD.

Restarting the Active Directory Scan

Each new execution must be launched manually. The downloaded script is valid for only 24 hours; after this period, it must be downloaded again from the "Active Directory" tab, then "Settings."

The scan can be restarted as many times as necessary. Under normal operation, it is recommended to run it every month. During the infrastructure security hardening phase, it can be launched more frequently to verify that misconfigurations have been corrected.
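
A pre-flight check covering the prerequisites listed above and the 24-hour script validity. This is an added example, not part of the Stoïk script or documentation. ScriptPath and InternetTestHost are placeholder parameters, and the file creation time is assumed to approximate the download time.

```powershell
# Added pre-flight check; not part of the Stoïk script.
param(
    # Placeholder: path where you saved the script downloaded from the platform.
    [Parameter(Mandatory)] [string] $ScriptPath,
    # Assumption: any public HTTPS host works as an Internet reachability probe.
    [string] $InternetTestHost = 'example.com'
)

Add-Type -AssemblyName System.DirectoryServices
$checks = [ordered]@{}

# "Connected to AD": PartOfDomain is True when the machine is joined to an
# AD domain; workgroup machines report False.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$checks['Joined to an AD domain'] = [bool]$cs.PartOfDomain

# Being joined is not enough: confirm a domain controller answers right now.
$checks['Domain controller reachable'] = $false
if ($cs.PartOfDomain) {
    try {
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $null = $domain.FindDomainController()
        $checks['Domain controller reachable'] = $true
    } catch {
        Write-Verbose "Domain lookup failed: $($_.Exception.Message)"
    }
}

# "Connected to the Internet": the scan script downloads PingCastle and BloodHound.
$checks['Internet reachable (TCP 443)'] = [bool](Test-NetConnection `
    -ComputerName $InternetTestHost -Port 443 `
    -InformationLevel Quiet -WarningAction SilentlyContinue)

# 24-hour validity. Assumption: file creation time approximates download time.
$checks['Script present and under 24 h old'] = $false
if (Test-Path -LiteralPath $ScriptPath -PathType Leaf) {
    $age = (Get-Date) - (Get-Item -LiteralPath $ScriptPath).CreationTime
    $checks['Script present and under 24 h old'] = $age.TotalHours -lt 24
}

# Report each check and fail the run if any prerequisite is missing.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
} | Format-Table -AutoSize

if ($checks.Values -contains $false) {
    Write-Warning 'At least one prerequisite is not met; fix it before running the scan script.'
    exit 1
}
```

None of these checks requires an administrator account, consistent with how the scan script itself is run.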