Home > Checklist: Secure domain controller settings
Checklist:
EMAIL THIS LICENSING & REPRINTS

Checklist: Secure domain controller settings

17 Apr 2006 | SearchWindowsSecurity.com

Advice for securing Windows
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

In order to protect domain controllers from local and network attacks, you should use Group Policy settings. Ideally, you will modify the Default Domain Controllers Policy or create a new Group Policy Object (GPO) and link it to the Domain Controllers organizational unit (OU). In either case, you should configure the following settings to protect your domain controllers.

 Checklist: Primary settings for securing Domain Controllers
These settings exist under the Computer Configuration|Windows Settings|Security Settings|Local Policies|User Rights Assignment node.
Allow log on locally
Access this computer from the network
These settings exist under the Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options node.
Domain controller: LDAP server signing requirements
Domain member: Digitally encrypt or sign secure channel data
Network access: Allow anonymous SID/Name translation
Network access: Do not allow anonymous enumeration of SAM accounts and shares
Network access: Let Everyone permissions apply to anonymous users

These settings can help protect domain controllers from various attacks. Be sure to test each setting before putting them into your production environment. Not all third party products are designed to support proper credential authentication. These settings will prohibit anonymous connections to domain controllers, which is highly desired.

Read more about domain controller settings in Derek's step-by-step guide.

About the author Derek Melber, MCSE, MVP and CISM, is the director of compliance solutions for DesktopStandard Corp. He has written the only books on auditing Windows security available at The Institute of Internal Auditors' bookstore, and he also wrote the Group Policy Guide for Microsoft Press -- the only book Microsoft has written on Group Policy. You can contact Melber at derekm@desktopstandard.com.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Group Policy
Is a Group Policy setting changing my user rights?
Remote management for Windows system upgrades
Group Policy Object security in Windows
Deny access to Windows system properties with GPOs
How can I use a GPO to manage Windows user rights?
Is a GPO blocking my VPN security scan?
Rights management in Windows: Security expert roundup
How can I use Group Policy to manage proxy servers?
Why don't I have proper Windows Server 2003 rights to open a GPO?
Down the chimney, through the firewall: Holiday quiz

Configuration and Deployment
Minasi talks Vista security, Windows Server 2008 features
Is a Group Policy setting changing my user rights?
How to use a GPO to improve Windows folder security
Remote management for Windows system upgrades
How to recover from lost BitLocker PINs and startup keys
Deny access to Windows system properties with GPOs
Rights management in Windows: Security expert roundup
How to manage network access for single users in AD
Windows server access management in Active Directory
Securely manage Windows file sharing and folder permissions
Configuration and Deployment Research

Authentication
How can I use a GPO to manage Windows user rights?
Windows network rights, password policy and network security testing
Password cracking, network rights and Windows Firewall expert advice
How to manage network access for single users in AD
Windows server access management in Active Directory
File management on a Windows Server 2003 NAS system
Windows Small Business Server 2003 access management
Manage Windows network access in Active Directory
One patch for Active Directory is a doozy
NTFS permissions control: Who will watch the watcher?
Authentication Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Group Policy Object  (SearchWindowsSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT DownloadsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2004 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts