Yes, I'm aware of the best practice, but I asked about a temporary mitigation strategy, given that it is already joined to the prod domain and all other factors like patching/GPO and user config etc. need to be considered before its potential removal. https://labs.watchtowr.com/by-executive ... 025-23120/ suggests that the main issue is that any user account can pass the weak authentication check if Domain Users is a member of local Users, my thinking being this check will fail if Domain Users is removed? It also suggests that the fix has previously been simply updating a text file, which makes me wonder why it takes around an hour to apply.
Statistics: Posted by chrisr — Jun 25, 2025 8:15 am









