Does your organization know its RC4 exposure or guessing?

About This RC4 Kerberos Remediation Assessment

Microsoft's April 14, 2026 cumulative update implemented Phase 2 of CVE-2026-20833, changing how fully patched Windows domain controllers issue Kerberos tickets. The KDC no longer implicitly accepts RC4 as a default. Accounts without AES key material and applications that cannot handle AES-encrypted tickets will experience authentication failures. On July 14, 2026, the RC4DefaultDisablementPhase registry key is removed permanently, ending the Phase 1 rollback option.

This free self-assessment evaluates your organization's readiness across five areas: domain controller configuration state, AES key material per account, KRBTGT rotation status, application and device compatibility, and compliance documentation. It takes under three minutes and delivers personalized results to your inbox.

Organizations that complete RC4 Kerberos hardening remediation before July 14, 2026 avoid authentication outages entirely. Those that do not will face failures across domain-joined systems with no domain-wide rollback option remaining. The assessment helps you understand whether your current posture is based on evidence or assumption, and what the path to documented, auditable remediation looks like.

Preside delivers a full RC4 Detect assessment for organizations that need per-account AES key confirmation from KDC event evidence, Mode A and Mode B failure identification, service account dependency mapping, and a sequenced remediation plan before the July 14, 2026 deadline.