Securing a Domain Controller and naming

Posted on 2006-03-23
Last Modified: 2013-12-04
Im am about to rebuild two window 2003 domain controllers and have a question about securing/naming them.  Are there best practices as far as security goes for naming a server?  I know a lot of people use themes to name their servers.  We have our own standard, but by looking at the name of the servers you could probably pick out the dc's.  But, even if you cant figure out which computer is the dc by looking at the name, if an attacker can get into the AD schema, they will certainly be able to find out the dc names, not that it would probably matter at that point.  Any recommendation on server naming and securing the dc's?  Also, is there a way to hide a computer from network neighbor hood?
Question by:ohmErnie
    LVL 23

    Accepted Solution

    I name all my servers like this:

    state code - city code - role - ascending number

    So for a domain controller in Detroit, Michigan it would be called:


    Works well when you have hundreds... :)

    As far as securing them down....I recommend installing Sp1 on them, getting them fully configured, then running the SCW (security configuration wizard) on them.

    More info:

    LVL 16

    Assisted Solution

    I think that the name you give a server is pretty far down the list in terms of how to secure it...but, I would certainly recommend not making your names too obvious - particularly for anything you're putting in a public DNS (don't use VPN, RAS, etc in the host name!)

    To hide a server from network neighbourhood:

    LVL 13

    Expert Comment

    by:Kini pradeep
    there is no definite way to secure the DC, but yes there are several ways of securing the domain or the enterprise.

    run MBSA and keep all the security updates up to date.
    you can use certificates and PKI as well and also use IPsec.
    these are just a few ways there could be several more.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    26 Experts available now in Live!

    Get 1:1 Help Now