The Phantom Credentials of SCCM: Why the NAA Won’t Die
<p>If a Windows machine has ever been an SCCM client, there may be credential blobs for the <a href="https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/accounts#network-access-account" rel="noopener ugc nofollow" target="_blank">network access account</a> (NAA) on disk.</p>
<p>If an Active Directory account has ever been configured as an NAA, there may be credential blobs for that account on Windows hosts in the environment.</p>
<p>Stop using NAAs and transition to <a href="https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/enhanced-http" rel="noopener ugc nofollow" target="_blank">Enhanced HTTP</a>. That’s not enough! The credentials may persist on former clients. The NAA accounts should be disabled/removed from Active Directory!</p>
<p><a href="https://posts.specterops.io/the-phantom-credentials-of-sccm-why-the-naa-wont-die-332ac7aa1ab9"><strong>Read More</strong></a></p>