By searching for a way to remotely force an Windows Update check, I accidentally found this: DSInternals
This looked very promising, so I checked out the linked blog and found this: Retrieving Active Directory Passwords Remotely
This might be useful in some disaster recovery scenarios (or for hackers to create Golden Tickets…) or to prevent the use of the “Reversible Encryption option” and push people to encrypt and prevent unauthorized physical access to there Domain Controllers (including backups).
– On Domain Controllers use Bitlocker with a TPM
– Encrypt your Backups
– Physical access control (to dc and backups)
Golden Ticket attacks are no entry attacks. An attacker has to gain Administrative rights on a Domain Controller in order to apply this attack.