You might wonder, how Attackers can gain Acccess to your Gold Mine, Active Directory.
Well, it’s simple, somebody from you organisation who has Domain Admin rights, logged in on a workstation with his Domain Admin credentials.
So, how does one prevent this?
There is the cached credentials setting in the Group Policy.
Anything set there is cached. By default it’s 10 cached credentials. That’s a serious security issue.
In order to prevent this you must take in account, and for sake of arguments we are going to mention the obvious: