Configure Lab

Log on to the DC and open the manage computers and users tool (server manager > Tools > Active Directory users and computers).

Go onto the computers tab.

Right click on the comp and go into properties > delegation.

Click on the allow delegation for all services.

Apply.

Abuse

Can use printerbug to abuse and auth as DC, then can DCSync.

Fix

Same steps as before but remove the delegation completely.