Article

Chapter introduction: Establishing Active Directory security

Derek Melber and Dave Kearns

The following excerpt is from Chapter 2 of the free eBook "Administrator shortcut guide to Active Directory security" written by Derek Melber and Dave Kearns and available at Realtimepublishers.com. Click for the complete

Requires Free Membership to View

book excerpt series.


Active Directory security

AD security is not a single setting; it is a compilation of settings that is multifaceted and can become very complex. The default AD security settings handle the basic control of objects such as user accounts, group accounts, and computer accounts. For small companies, this default configuration might be sufficient. For larger companies, the built-in security will be quickly outgrown quickly and additional security settings and design must be considered and implemented. Regardless of the size of the company, a firm grasp of AD security settings is necessary to ensure a secure and stable IT infrastructure.

If security is not established early in the AD environment, the entire environment can spiral out of control quickly. This spiraling is a result of the number of security settings that can be set, which grows almost exponentially as additional objects and features are added to AD -- consider that a single OU has nearly 1,000 permissions that can be set to control its contents. This complexity requires consideration as early as possible in the implementation of AD. During the design phase of AD, the security of AD objects should be considered and documented. The objects that need to be considered for security include:

  • Domain controllers
  • Servers
  • Client computers
  • User accounts
  • Group accounts
  • OUs
  • GPOs

The security that you design for AD must be implemented properly to be effective. Failure to follow your design documents can leave AD vulnerable to attacks from both within and outside of the LAN. In addition, AD security is very difficult to audit and track if not set up properly. In some cases, it will be easier to start over rather than to attempt to secure the AD environment after it has been installed and configured with many objects, settings and features.

Another key aspect of AD security is management. The management phase is critical because it is at this stage that ongoing AD security must be maintained. Whether it is giving users the ability to add members to groups or locking down computers that are located in the reception area, the management of the security for AD must be procedural and consistent.

In this chapter, we will explore delegation of administration within AD as well as the implications of AD structural design on security. Determining the best AD design for your environment is an important part of effective security. In addition, a key factor in AD security is directory administration.

Click for the next excerpt in this series: Directory administration.


Click for the book excerpt series or visit Realtimepublishers.com to obtain the complete book.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: