1) MSA passwords are incredibly strong and rotate frequently enough that Kerberoasting is near impossible (especially with AES)
2) The password can be retrieved on one server and used on another, pass the hash/ticket still works..
OK, first, let's find out if you have a KDS root key set up. Run Powershell on a machine with the Active Directory Powershell Module installed and run this:
I like Matthew a lot, but I don't feel this is a "dumb overreaction."
As a security admin overseeing 40K+ students and participating in communities serving over 1.5M students, I would love to shed some light on the difficulties Zoom has created for us.
First, let's start with Zoombombing. The answer seems very simple - let's add a password. The problem is that many places allowed teachers to go create their own accounts, and we had to rely on them reading email from IT.
For those of us who do have an admin console to control settings, sure we can change the settings to add a password, but that only affects future meetings (according to the console), not past meetings.
Again, communicating to teachers to change existing meetings? This is hard.