Securing a Domain Controller and naming

Im am about to rebuild two window 2003 domain controllers and have a question about securing/naming them.  Are there best practices as far as security goes for naming a server?  I know a lot of people use themes to name their servers.  We have our own standard, but by looking at the name of the servers you could probably pick out the dc's.  But, even if you cant figure out which computer is the dc by looking at the name, if an attacker can get into the AD schema, they will certainly be able to find out the dc names, not that it would probably matter at that point.  Any recommendation on server naming and securing the dc's?  Also, is there a way to hide a computer from network neighbor hood?
Who is Participating?
I name all my servers like this:

state code - city code - role - ascending number

So for a domain controller in Detroit, Michigan it would be called:


Works well when you have hundreds... :)

As far as securing them down....I recommend installing Sp1 on them, getting them fully configured, then running the SCW (security configuration wizard) on them.

More info:

I think that the name you give a server is pretty far down the list in terms of how to secure it...but, I would certainly recommend not making your names too obvious - particularly for anything you're putting in a public DNS (don't use VPN, RAS, etc in the host name!)

To hide a server from network neighbourhood:

Kini pradeepPrincipal Cloud and security consultantCommented:
there is no definite way to secure the DC, but yes there are several ways of securing the domain or the enterprise.

run MBSA and keep all the security updates up to date.
you can use certificates and PKI as well and also use IPsec.
these are just a few ways there could be several more.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.