Question on Security - Firewall - IPSec - Domain Controllers - Assigned Users/Computers

[nathanpruitt]

Hello,

I was able to figure out most of the permissions here, but I'm curious on what two of these SIDs represent

I may run into more questions on this as I continue, but I'm working on trying to keep all of this straight. It's a very different approach than what I'm used to, which is why I'm labbing this!

Thanks for any insight you can offer here!

-Nate

[utsecnet]

Looks like maybe a user or group to which you have given access, but the accounts/groups no longer exists in AD. (My guess anyway)
I usually just allow ANY from Tier0 admins on Tier0 PAWs to All-Tier0-Servers. If you need additional clarification let me know. Just ensure that on Domain Controllers especially, you do not require authentication via IPSEC policies to domain ports otherwise you will prevent non-domain joined devices from being able to join, or network devices from hitting NTP, etc... You should only require authentication for management services like RDP (3389) and WMI stuff and any agent communication. Hit me up for any further clarification!