
Baseline Security

To ensure the same level of security in your AD throughout your organization, you need to have a security baseline for your AD and your Domain Controllers (DC). Whilst the security baseline has to be in line with your organizational security policy, there are several things that you should consider implementing.

Domain Policy

The default Domain Security Policy contains default values that are quite relaxed for most organizations. You should definitely change some of them.

As per Microsoft's recommendations (see: http://technet2.microsoft.com/windowsserver/en/library/cae0e49c-7929-4c94-be3a-ea6a63f09b6e1033.mspx for more information), you should at least change the password policy, the Account Lockout Policy, and the Kerberos Policy, all of which can be found in the Default Domain Security Settings under Account Policies, as shown in the following screenshot:

[Screenshot: Domain Policy]

Strengthening an AD through password and Kerberos settings might not seem directly related. However, with proper password, lockout, and expiry settings, you can impair brute force cracking quite a bit, and therefore prevent administrative access to your AD by unauthorized people.
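The following added example (not from the book) audits the Account Policies and Kerberos Policy sections of a `secedit /export` INF file and works out how many password guesses per account per day the lockout settings allow without ever locking the account. The baseline thresholds, the 30-minute fallback, and the sample file are assumptions made for illustration; replace them with your organization's policy.

```python
import configparser

# Constructed sample in the INF layout written by `secedit /export /cfg policy.inf`.
SAMPLE_INF = """\
[System Access]
MinimumPasswordLength = 7
PasswordComplexity = 0
MaximumPasswordAge = 42
LockoutBadCount = 0
[Kerberos Policy]
MaxTicketAge = 10
"""

# Assumed baseline for illustration only; substitute your organization's policy.
# (section, key, predicate, human-readable requirement)
BASELINE = [
    ("System Access", "MinimumPasswordLength", lambda v: v >= 8, ">= 8"),
    ("System Access", "PasswordComplexity", lambda v: v == 1, "= 1 (enabled)"),
    ("System Access", "MaximumPasswordAge", lambda v: 1 <= v <= 90, "1..90 days"),
    ("System Access", "LockoutBadCount", lambda v: 1 <= v <= 10, "1..10 attempts"),
    ("Kerberos Policy", "MaxTicketAge", lambda v: 1 <= v <= 10, "1..10 hours"),
]

def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as exported
    cp.read_string(text)
    return cp

def audit(text):
    """Return [(key, found, required)] for every setting that misses the baseline."""
    cp, findings = load(text), []
    for section, key, ok, want in BASELINE:
        raw = cp.get(section, key, fallback=None)
        if raw is None or not ok(int(raw)):
            findings.append((key, raw, want))
    return findings

def guesses_per_day(text):
    """Guesses per account per day that never trigger a lockout; None if unlimited."""
    cp = load(text)
    threshold = cp.getint("System Access", "LockoutBadCount", fallback=0)
    if threshold == 0:  # 0 means account lockout is disabled
        return None
    # Minutes until the bad-password counter resets; 30 is an assumed fallback.
    window = cp.getint("System Access", "ResetLockoutCount", fallback=30)
    return (threshold - 1) * (24 * 60 // window)

if __name__ == "__main__":
    print(audit(SAMPLE_INF), guesses_per_day(SAMPLE_INF))
```

A real export is typically UTF-16 encoded, so read it with `open(path, encoding="utf-16").read()` before passing the text to `audit`.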

Domain Controller Security Policy

In order to maintain a unified and strong AD, every DC should have the same security settings and much of the same configuration. Having servers from multiple vendors acting as DCs is an acceptable risk factor (considering the fact that you have to trust multiple drivers in different scenarios). But you should always choose the latest stable drivers, which are not necessarily the newest ones, from your chosen vendor in each location.

Another thing to ensure is that all DCs have the same patch level and the same Service Pack level throughout your domain. This ensures that no new features are available on some DCs but not others, and that you won't run the risk of either incompatibility or other errors appearing in your Event Logs.

The Microsoft Windows 2003 Security guide, Chapter 5 (http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/s3sgch05.mspx), shows the recommended settings for policies, specifically for DCs, and you may want to use some of these, whilst adjusting others to suit your needs.
