How to Block Known Bad Active Directory Passwords
In this article, we will explore why and how to block the use of certain passwords for Active Directory user accounts. In an Active Directory environment, password security is a critical factor in protecting user accounts against cyberattacks. However, even with a strict password policy in place, some users or administrators may still choose weak passwords or ones that can be easily guessed. To strengthen the security of your domain, it is possible to prevent the use of specific passwords. If blocking bad Active Directory passwords is part of a larger identity-security learning plan, compare Udemy technical training courses for cloud, development, security, and business software skills before paying for another course library. Why block certain passwords? There are several scenarios in which it is advisable to prevent users or administrators from setting specific passwords. The larger and older an Active Directory environment becomes, the higher the likelihood of poor practices and notable weaknesses. Throughout my career as a pentester, I have conducted numerous internal penetration tests in companies of different sizes, levels of maturity, and industries. In many cases, password reuse across multiple user accounts allowed me to compromise several accounts, including privileged ones, which sometimes led to the complete compromise of the domain. To strengthen security and increase resilience against cyberattacks, it may be necessary to block specific passwords, especially when they arise from the following situations. Common initial password for all accounts A common practice within administration teams is to assign the same initial password (often referred to as a default password) to every new user, with the instruction to change it as soon as possible. A typical example of such a password could be “Welcome2024!”. However, this password change is not always enforced, especially when it is not technically required. In many cases, it is possible to find user accounts still configured with this password even years after their creation, either because they were never used, or because the password change requirement was not applied (e.g., technical accounts, test accounts, or so-called temporary accounts).
PowerShell 101: Creating a Module Manifest
Maybe you’ve put together some great functions but struggle to make them cohesive, intuitive, or shareable. Without a way to define your module’s identity and functionality, managing or scaling as your scripts evolve into robust tools can be a headache. Not unless you have a module manifest in place. Think of a module manifest as the backbone of your PowerShell module. In this guide, you’ll learn what a manifest is and how to create one that simplifies management and enhances usability. Paid link disclosure: AffiliateMagic may earn a commission if you buy through the linked review. If this PowerShell workflow needs to become a repeatable team skill, compare Udemy technical training courses for cloud, development, security, and business software learning paths before choosing a paid course. Prerequisites To follow along with this tutorial, ensure you have: PowerShell 5.1 or PowerShell 7+ installed Administrative access to create files in the PowerShell modules directory A basic PowerShell module (.psm1 file) ready to enhance with a manifest What is a PowerShell Module Manifest? A module manifest is a PowerShell data file (.psd1) that contains metadata about your module. It’s essentially a hashtable that tells PowerShell: Which functions to expose What PowerShell versions are compatible Who created the module and when What dependencies the module requires How the module should behave when imported Without a manifest, PowerShell modules still work but lack professional polish and control. The manifest transforms a collection of scripts into a manageable, versioned package. Creating and Naming a Manifest A manifest file must follow specific naming conventions. Name the manifest file after your module with a .psd1 extension. For example, if your module is named ComputerInventory, the manifest file should be ComputerInventory.psd1. Using New-ModuleManifest While you can create a manifest manually, the New-ModuleManifest cmdlet simplifies the process. Here’s a complete example: New-ModuleManifest -Path 'C:\Program Files\PowerShell\Modules\ComputerInventory\ComputerInventory.psd1' ` -RootModule 'ComputerInventory.psm1' ` -ModuleVersion '1.0.0' ` -Guid (New-Guid).Guid ` -Author 'Your Name' ` -CompanyName 'Your Organization' ` -Description 'A module for collecting computer hardware inventory information' ` -PowerShellVersion '5.1' ` -FunctionsToExport 'Get-MemoryInfo','Get-ProcessorInfo','Get-StorageInfo' ` -CompatiblePSEditions 'Core','Desktop' Understanding the Parameters Path – Where to create the manifest file.
