
Security Guardian Current - User Guide


Shields Up Protection

In times of heightened cyber threat—whether due to intelligence suggesting an imminent attack or signs of an ongoing breach—organizations may need to temporarily enforce stricter controls over their Active Directory environments. The Shields Up feature provides a rapid-response mechanism to lock down critical Active Directory objects, preventing unauthorized or accidental changes during a security incident.

This emergency posture is designed to be short-lived but highly restrictive, offering a pre-configured protection template that can be activated instantly. By doing so, it helps safeguard Tier Zero assets and other vital components of the Active Directory infrastructure until the threat subsides.

While intended for temporary emergency use, Shields Up can also be deployed continuously as a proactive security measure.

Shields Up safeguards critical Tier Zero assets and configurations by preventing unauthorized deletion, modification, or policy changes, including the following:

  • Prevents deletion and modification of Tier Zero users, computers, groups, and group policies.

  • Prevents deletion and modification of foreign security principals and well-known security principals.

  • Prevents linking and unlinking of group policies on the domain head, as well as security modifications and modification of the ms-DS-MachineAccountQuota attribute.

  • Prevents linking and unlinking of group policies for the Domain Controllers Organizational Unit (OU).

  • Prevents creation, deletion, and modification of certificate templates.

  • Prevents security modifications and changes to the DsHeuristics attribute on the Directory Service object.

  • Prevents modification of the AdminSDHolder container.

NOTE: Protection is limited to a maximum of 200 Tier Zero users, 200 Tier Zero groups, 200 Tier Zero computers, and 200 Tier Zero group policies.
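The list above names several domain-level settings (group policy links on the domain head and the Domain Controllers OU, ms-DS-MachineAccountQuota, the DsHeuristics attribute, and the AdminSDHolder container) that Shields Up locks down. The following PowerShell is an added example, not code from the Security Guardian product or this guide: it snapshots those same settings with the RSAT ActiveDirectory module so that a defender can independently confirm that nothing protected drifted while the emergency posture was active. It assumes the ActiveDirectory module is installed and that the caller has read access to the domain and configuration partitions; the function and parameter names are the example's own.

```powershell
# Added example (not part of the Quest Security Guardian guide): snapshot the
# domain-level settings that Shields Up protects and diff two snapshots.
# Assumes the RSAT ActiveDirectory module and read access to the domain and
# configuration naming contexts. All paths are derived from the directory
# itself, so nothing here is specific to one environment.
Import-Module ActiveDirectory

function Get-ShieldsUpBaseline {
    param(
        # Domain controller to query; defaults to the PDC emulator of the current domain.
        [string]$Server = (Get-ADDomain).PDCEmulator
    )

    $domain   = Get-ADDomain -Server $Server
    $rootDse  = Get-ADRootDSE -Server $Server
    $domainDn = $domain.DistinguishedName

    # Domain head: linked GPOs (gPLink), machine account quota and security descriptor.
    $domainHead = Get-ADObject -Identity $domainDn -Server $Server `
        -Properties gPLink, 'ms-DS-MachineAccountQuota', nTSecurityDescriptor

    # Domain Controllers OU: linked GPOs.
    $dcOu = Get-ADObject -Identity $domain.DomainControllersContainer -Server $Server -Properties gPLink

    # Directory Service object in the configuration partition: dSHeuristics and security descriptor.
    $dsObjectDn = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
    $dsObject   = Get-ADObject -Identity $dsObjectDn -Server $Server -Properties dSHeuristics, nTSecurityDescriptor

    # AdminSDHolder: the ACL that SDProp stamps onto protected (adminCount=1) accounts.
    $adminSdHolder = Get-ADObject -Identity "CN=AdminSDHolder,CN=System,$domainDn" -Server $Server `
        -Properties nTSecurityDescriptor

    [pscustomobject]@{
        Domain                  = $domain.DNSRoot
        CapturedAt              = (Get-Date).ToString('o')
        DomainGpLink            = $domainHead.gPLink
        MachineAccountQuota     = $domainHead.'ms-DS-MachineAccountQuota'
        DomainHeadSddl          = $domainHead.nTSecurityDescriptor.GetSecurityDescriptorSddlForm('All')
        DomainControllersGpLink = $dcOu.gPLink
        DsHeuristics            = $dsObject.dSHeuristics
        DirectoryServiceSddl    = $dsObject.nTSecurityDescriptor.GetSecurityDescriptorSddlForm('All')
        AdminSdHolderSddl       = $adminSdHolder.nTSecurityDescriptor.GetSecurityDescriptorSddlForm('All')
    }
}

function Compare-ShieldsUpBaseline {
    param(
        [Parameter(Mandatory)] $Before,
        [Parameter(Mandatory)] $After
    )
    # Emit one record per protected setting whose value differs between the snapshots.
    # An empty result means none of the settings changed between the two captures.
    $settings = 'DomainGpLink', 'MachineAccountQuota', 'DomainHeadSddl',
                'DomainControllersGpLink', 'DsHeuristics', 'DirectoryServiceSddl', 'AdminSdHolderSddl'
    foreach ($name in $settings) {
        if ("$($Before.$name)" -ne "$($After.$name)") {
            [pscustomobject]@{ Setting = $name; Before = $Before.$name; After = $After.$name }
        }
    }
}

# Usage: capture a baseline when Shields Up is enabled, capture again before
# disabling it, and list any differences.
# $before = Get-ShieldsUpBaseline
# $before | ConvertTo-Json | Set-Content -Path .\shieldsup-baseline.json
# $after  = Get-ShieldsUpBaseline
# Compare-ShieldsUpBaseline -Before $before -After $after
```

Security descriptors are compared in SDDL form rather than object by object, which is coarse but catches any ACE, owner or inheritance change on the domain head, the Directory Service object and AdminSDHolder; a non-empty comparison result is the cue to review the corresponding change events, not proof of compromise on its own.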

A domain is eligible for Shields Up if:

  • It is configured with either BloodHound Enterprise or the Hybrid Agent as a Tier Zero data provider actively collecting from the domain.

  • It has Change Auditor version 7.6 or later deployed within the domain.

To access Shields Up functionality:

  1. From the left navigation menu, choose Security | Prevention.

  2. Select the Shields Up tab.

Using Shields Up

The Shields Up tab provides a centralized view and control panel for managing emergency protection across Active Directory domains. It includes action buttons and a data table with key domain-level details.

From here, you can:

The display includes the following details:

Column Name         Description
Domain              Displays the name of the domain. This column is filterable.
Forest              Displays the name of the forest. This column is filterable.
Shields Up Status   Displays the current status of Shields Up for the domain: Enabled, Enabling, Disabled, or Disabling. This column is filterable.
Date Enabled        Displays the date and time when Shields Up was enabled for the domain.
Enabled By          Displays the user principal name of the person who enabled Shields Up. This column is filterable.
Override Accounts   Displays the number of accounts that have been granted override access to bypass Shields Up protections.

Enabling Shields Up

Shields Up is a security feature that locks down Tier Zero and other critical Active Directory system objects to prevent unauthorized or accidental changes during a potential or active cyber threat.

When Shields Up is activated:

  • Tier Zero and critical system objects are protected from modification.

  • Any objects newly identified as Tier Zero while Shields Up is active are automatically added to the protection list.

  • Objects removed from Tier Zero during this time are no longer protected.

Additionally, enabling Shields Up triggers an alert that is sent to all configured email recipients, ensuring that key stakeholders are informed of the change in security posture.

Once the threat has passed or the emergency posture is no longer required, Shields Up can be safely disabled to restore normal administrative access.

For more information, see:

To activate Shields Up for a domain

  1. From the left navigation menu, choose Security | Prevention.

  2. Select the Shields Up tab.

  3. Select a domain from the list of Active Directory domains configured in your organization.

  4. Review the list of critical system objects that will be protected under Shields Up.

  5. Click the Enable Shields Up button on the Shields Up tab.

  6. Acknowledge that you understand the significance of the action and click Enable Shields Up.

After Shields Up is initiated, the domain’s status will change to Enabling. Once activation is complete, the status will update to Enabled.

An email alert will be automatically sent to all designated stakeholders to notify them that Shields Up is now active.

Disabling Shields Up

Disabling Shields Up will remove the temporary restrictions and restore standard permissions for Tier Zero and other protected objects and will trigger an alert to the configured email recipients.

To disable Shields Up for a domain

  1. From the left navigation menu, choose Security | Prevention.

  2. Select the Shields Up tab.

  3. Navigate to the Prevention section and open the Shields Up tab.

  4. Select the domain where Shields Up is currently enabled.

  5. Click Disable Shields Up.

  6. Acknowledge that you understand the significance of the action and click Disable Shields Up.
