🎙️ In this episode of Directory Insights in 10 Minutes, powered by Guardians of the Directory, Craig Birch walks you through detecting and remediating a legacy misconfiguration that still haunts many AD environments: accounts limited to DES-only Kerberos encryption.
DES is weak, deprecated, and easily cracked — yet it's still lurking in environments where older configurations or forgotten accounts persist.
🔍 What You’ll Learn:• Why DES-only encryption is dangerous in modern AD environments
• How attackers exploit this weakness in Kerberos ticket exchanges
• PowerShell techniques to find accounts with DES enabled
• How to upgrade users to AES encryption using Set-ADUser
• GUI vs. script-based remediation — what’s faster and safer🛠️ PowerShell Spotlight:# Find users with DES-only encryption enabled
Get-ADUser -Filter {UserAccountControl -band 0x200000} -Properties UserAccountControl |
Select-Object Name, SamAccountName
# Remediate: Remove DES-only flag and enable AES
Set-ADUser username -KerberosEncryptionType AES128,AES256
✅ This helps ensure your accounts are no longer relying on crackable encryption standards.
✅ Quick Takeaways:
DES is deprecated and no longer secure
Many legacy accounts still silently rely on DES
Use PowerShell or GUI to detect and remediate fast
Always test before changing encryption settings on service accounts
Enforce stronger Kerberos encryption org-wide via GPO
💬 Found this helpful? Like, comment, or share. Got a topic for a future 10-minute breakdown? Drop it below — we’re listening.
📌 Powered by Guardians of the Directory
Popular Podcasts
Las Culturistas with Matt Rogers and Bowen Yang
Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.