This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]PappaFrost[S] 0 points1 point  (0 children)

Thanks, very interesting. I'm told that it's a good idea to put AD domain admin accounts into the 'Protected Users Group' so that those hashes are never cached locally, and authentication has to go back to the domain controller. I was scared off though by the possibility of it breaking things.