Securing Windows domain controllers

Domain controllers control the keys to your Windows kingdom. They need to be even more secure than your other servers. Ensure their security by following these steps from Active Directory expert Derek Melber.

Since domain controllers control the keys to the kingdom (or domain as it is called), they are essential to protect. Without protection of the domain controllers, there is nothing that an intruder or attacker could not access with regard to your Active Directory enterprise. There are some easy methods and configurations that you can take advantage of to improve the security of your domain controllers with not much effort. Taking these...

actions will increase the overall security of your domain controllers, Active Directory network, and enterprise as a whole.

When protecting domain controllers within an Active Directory enterprise, you need to consider the inherent vulnerabilities on a Windows system, as well as all of the avenues that an attacker will use to try to access the system. When you consider all of these factors, you then need to develop the solutions to protect against these attacks. We will discuss some methods to guard against the common attacks made against domain controllers. This will include physical access, network access, domain controller communication, and domain controller roles and locations in Active Directory.


Securing Windows domain controllers

  Introduction
 Step 1: Physical Access
 Step 2: Network Access
 Step 3: Domain Controller Communications
 Step 4: Location and Responsibilities of Domain Controllers in Active Directory

ABOUT THE AUTHOR:
Derek Melber, MCSE, MVP and CISM, is the director of compliance solutions for DesktopStandard Corp. He has written the only books on auditing Windows security available at The Institute of Internal Auditors' bookstore, and he also wrote the Group Policy Guide for Microsoft Press -- the only book Microsoft has written on Group Policy. You can contact Melber at derekm@desktopstandard.com.
Copyright 2005 TechTarget
This was first published in March 2006

Dig deeper on Microsoft Active Directory Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close