Step 1: Physical access

Domain controllers control the keys to your Windows kingdom. They need to be even more secure than your other servers. Ensure their security by following these steps from Active Directory expert Derek Melber.

It is a common adage that "if you can't protect the physical box, you don't have much protection of anything stored on the box." When it comes to domain controllers, the statement is even more true. I know this is an article on domain controllers, but this should be the case for all servers on the network. You must protect these computers so that no one has physical access to them. Here are some tips on how to accomplish this.

  • Make sure all domain controllers are located in a secured server room.
  • Use physical access controls at the server room door. This might include a door locking system that requires a code, key, card system, voice recognition or some other biometric.
  • Require smart card access when logging on to the domain controllers. This form of two-factor authentication is becoming more popular and easier to configure for all systems, including domain controllers.
  • Limit logging on to domain controllers to cases where there is a problem with the computer that can't be fixed remotely. This also means not leaving users logged on to the domain controllers.
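
One way to check the last two tips across a domain, as an added example that is not part of the original article: the PowerShell below reports, for each domain controller, whether the "Interactive logon: Require smart card" policy is set and which users still have sessions open. It assumes the ActiveDirectory module, PowerShell remoting to the domain controllers, and that the smart card requirement is enforced through that policy (registry value scforceoption).

```powershell
# Added example: audit domain controllers for the smart card requirement
# and for users left logged on. Assumptions: ActiveDirectory module (RSAT),
# PowerShell remoting enabled on the DCs, and rights to query them.
Import-Module ActiveDirectory

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $target = $dc.HostName

    # "Interactive logon: Require smart card" is stored as scforceoption = 1.
    # A missing value means the policy is not configured on that DC.
    $scForce = Invoke-Command -ComputerName $target -ScriptBlock {
        (Get-ItemProperty -Path $using:policyKey -Name scforceoption `
            -ErrorAction SilentlyContinue).scforceoption
    }

    # quser lists interactive and RDP sessions; the first line is a header.
    # It writes to stderr (discarded here) when nobody is logged on.
    $sessions = @(quser "/server:$target" 2>$null | Select-Object -Skip 1)

    # First column is the user name; the current session is prefixed with '>'.
    $users = $sessions | ForEach-Object {
        (($_ -replace '^[\s>]+', '') -split '\s+')[0]
    }

    [pscustomobject]@{
        DomainController  = $target
        SmartCardRequired = ($scForce -eq 1)
        SessionCount      = $sessions.Count
        LoggedOnUsers     = ($users -join ', ')
    }
}

# Full report, then only the DCs that need attention.
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.SmartCardRequired -or $_.SessionCount -gt 0 } |
    Format-Table -AutoSize
```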


Securing Windows domain controllers

  Introduction
  Step 1: Physical Access
  Step 2: Network Access
  Step 3: Domain Controller Communications
  Step 4: Location and Responsibilities of Domain Controllers in Active Directory

ABOUT THE AUTHOR:
Derek Melber, MCSE, MVP and CISM, is the director of compliance solutions for DesktopStandard Corp. He has written the only books on auditing Windows security available at The Institute of Internal Auditors' bookstore, and he also wrote the Group Policy Guide for Microsoft Press -- the only book Microsoft has written on Group Policy. You can contact Melber at derekm@desktopstandard.com.
Copyright 2005 TechTarget
This was first published in March 2006
