Commit 641ddec

Update recover-from-golden-gmsa-attack.md
1 parent 2cefd2a commit 641ddec

1 file changed

Lines changed: 1 addition & 1 deletion

support/windows-server/windows-security/recover-from-golden-gmsa-attack.md

@@ -88,7 +88,7 @@ The approach is to create a new KDS Root Key object that's unknown to the attack
8888
> - You don't have to manually repair gMSAs that were created after the Active Directory Domain Services (AD DS) database exposure ended. The attacker doesn't know the details of these accounts, and the passwords for these accounts will regenerate based on the new KDS Root Key object.
8989
> - You should consider the gMSA object in "maintenance mode" until the procedure is completed, and ignore possible errors that are reported with the accounts in the System, Security, Directory Services, and Security-Netlogon event log.
9090
> - The guide assumes that the gMSAs are child objects of the **Managed Service Accounts** container. If you have moved the accounts to custom parent containers, you need to run the steps related to the **Managed Service Accounts** container on the gMSA in these containers.
91-
> - An authoritative restore rolls back all attributes to their values at the time of the backup, including the accounts that are allowed to retrieve the gMSA credentials (`PrincipalsAllowedToRetrieveManagedPassword`).
91+
> - An authoritative restore rolls back all attributes to the state they were in at the time of the backup, including the accounts that are allowed to retrieve the gMSA credentials (`PrincipalsAllowedToRetrieveManagedPassword`).
9292
9393
In the domain holding the gMSAs that you want to repair, follow these steps:
9494
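
Review bot: The reworded bullet at line 91 still only states that `PrincipalsAllowedToRetrieveManagedPassword` is rolled back and gives the reader no action to take. Because the restore returns the attribute to its state at backup time, any principal removed from it after the backup regains the right to retrieve the gMSA password, and any principal added since then loses it. Consider adding a sentence that tells the reader to record the current value before the authoritative restore and to compare and reapply it afterward. As a smaller wording point, "including the accounts that are allowed to retrieve" reads as if accounts were attributes; "including the list of accounts that are allowed to retrieve" would match the attribute being named.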
