Step-by-Step Guide

Step 1: Physical access

It is a common adage that "if you can't protect the physical box, you don't have much protection of anything stored on the box." When it comes to domain controllers, the statement is even more true. I know this is an article on domain controllers, but this should be the case for all servers on the network. You must protect these computers so that no one has physical access to them. Here are some tips on how to accomplish this.

  • -Make sure all domain controllers are located in a secured server room.
  • -Use physical access controls at the server room door. This might include a door locking system that required a code, key, card system, voice recognition or some other biometric.
  • -Require smart card access when logging into the domain controllers. This form of two factor authentication is becoming more popular and easier to configure for all systems including domain controllers.
  • -Limit logging into domain controllers unless there is a problem with the computer that can't be done remotely. This includes leaving users logged on to the domain controllers.

Requires Free Membership to View


Securing Windows domain controllers

 Introduction
 Step 1: Physical Access
 Step 2: Network Access
 Step 3: Domain Controller Communications
 Step 4: Location and Responsibilities of Domain Controllers in Active Directory

ABOUT THE AUTHOR:
Derek Melber, MCSE, MVP and CISM, is the director of compliance solutions for DesktopStandard Corp. He has written the only books on auditing Windows security available at The Institute of Internal Auditors' bookstore, and he also wrote the Group Policy Guide for Microsoft Press -- the only book Microsoft has written on Group Policy. You can contact Melber at derekm@desktopstandard.com.
Copyright 2005 TechTarget

This was first published in March 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: