We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Securing a Domain Controller and naming

ohmErnie
ohmErnie asked
on
Medium Priority
156 Views
Last Modified: 2013-12-04
Im am about to rebuild two window 2003 domain controllers and have a question about securing/naming them.  Are there best practices as far as security goes for naming a server?  I know a lot of people use themes to name their servers.  We have our own standard, but by looking at the name of the servers you could probably pick out the dc's.  But, even if you cant figure out which computer is the dc by looking at the name, if an attacker can get into the AD schema, they will certainly be able to find out the dc names, not that it would probably matter at that point.  Any recommendation on server naming and securing the dc's?  Also, is there a way to hide a computer from network neighbor hood?
Comment
Watch Question

I name all my servers like this:

state code - city code - role - ascending number

So for a domain controller in Detroit, Michigan it would be called:

MIDETDC01

Works well when you have hundreds... :)

As far as securing them down....I recommend installing Sp1 on them, getting them fully configured, then running the SCW (security configuration wizard) on them.

More info:

http://www.windowsecurity.com/articles/Securing_Server_2003_Domain_Controllers.html

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Commented:
I think that the name you give a server is pretty far down the list in terms of how to secure it...but, I would certainly recommend not making your names too obvious - particularly for anything you're putting in a public DNS (don't use VPN, RAS, etc in the host name!)

To hide a server from network neighbourhood:

NET CONFIG SERVER /HIDDEN:YES
Kini pradeepDevelopment Manager
CERTIFIED EXPERT

Commented:
there is no definite way to secure the DC, but yes there are several ways of securing the domain or the enterprise.

run MBSA and keep all the security updates up to date.
you can use certificates and PKI as well and also use IPsec.
these are just a few ways there could be several more.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.