user996142

Asked: 2021-12-30 02:14:31 +0800 CST2021-12-30 02:14:31 +0800 CST 2021-12-30 02:14:31 +0800 CST

Active Directory: how to get rid of NTLM when we have remote users (road warriors)?

I want to disable NTLM completely. I don't want password hash to be stored in memory because of pass-the-hash attack (people don't have SeDebugPrivilege but anyway NTLM is not good)

But people connect to workspace via RDP from their homes. I can use VPN + RD Gateway, but still people will use passwords and NTLM for RDP.

Is there any way to fix it?

If no, can I configure RD gateway somehow to get Kerberos tickets on behalf of users, so they only use NTLM for RD gateway, but not for other resources?

In other words, how can I eliminate NTLM or decrease number of its usages when I have remote users?

Active Directory: how to get rid of NTLM when we have remote users (road warriors)?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Active Directory: how to get rid of NTLM when we have remote users (road warriors)?

0 Answers