Cached Credential Security Vulnurability
In our network we run occasional Pen tests and upon our last results noticed that a breach was possible by cracking an admin's cached credentials and escalating permissions to do all sorts of "damage". We are trying to make a fix for this however here are the issues. We have laptops where people have to cache their credentials when they leave the DC.
What would be the best way to harden our systems. I was thinking using OU's and specific GPO's like cached credential limit for laptops is 2 everyone else is 1 etc...
Please help. Thank you!