Posts

Showing posts from July, 2025

Hardening Active Directory (and Entra) Without Buying Another Tool

Active Directory has been around for decades and is still the identity backbone of most schools. Attackers know this: compromise AD and they often own the entire environment. Today, many districts also run Microsoft Entra ID (formerly Azure AD) alongside their on-prem AD. This hybrid model expands your attack surface, but it also gives you more free, built-in defenses if you use them wisely. Here are four practical ways to harden your environment using only built-in Microsoft tools.

1. Deploy Microsoft LAPS (Local Administrator Password Solution)

Why it matters: Attackers love reusing local admin credentials across multiple machines. If every computer in your district has the same local admin password, one compromise means they own them all.

What LAPS does:
Randomizes each computer's local administrator password.
Stores the unique password securely in AD, accessible only by authorized admins.
Rotates it automatically on a schedule.

How to implement: Download LAPS (free from Microsoft)....

Detecting Malicious PowerShell Scripts With Free Tools

PowerShell is a favorite tool for attackers. It's built into every modern Windows environment, trusted by default, and incredibly powerful for running scripts, downloading payloads, and moving laterally. But here's the good news: you don't need expensive endpoint detection solutions to start catching malicious PowerShell activity. With a few free tools, you can immediately gain valuable visibility and improve your detection capabilities.

Here's a simple setup I've used in resource-constrained environments like K–12 schools:

Step 1: Install Sysmon for Detailed Logging

Why Sysmon? Windows Event Logs capture some data, but Sysmon (from Microsoft's Sysinternals suite) provides much richer detail: process creation, command-line arguments, network connections, and more.

How to install Sysmon:
Download from Microsoft Sysinternals: Sysmon.
Run: sysmon -accepteula -i sysmonconfig.xml
(Use a community config like SwiftOnSecurity's sysmon config to get started quick...