Securing a Domain Controller and naming

Im am about to rebuild two window 2003 domain controllers and have a question about securing/naming them.  Are there best practices as far as security goes for naming a server?  I know a lot of people use themes to name their servers.  We have our own standard, but by looking at the name of the servers you could probably pick out the dc's.  But, even if you cant figure out which computer is the dc by looking at the name, if an attacker can get into the AD schema, they will certainly be able to find out the dc names, not that it would probably matter at that point.  Any recommendation on server naming and securing the dc's?  Also, is there a way to hide a computer from network neighbor hood?
LVL 1
ohmErnieAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TheCleanerCommented:
I name all my servers like this:

state code - city code - role - ascending number

So for a domain controller in Detroit, Michigan it would be called:

MIDETDC01

Works well when you have hundreds... :)

As far as securing them down....I recommend installing Sp1 on them, getting them fully configured, then running the SCW (security configuration wizard) on them.

More info:

http://www.windowsecurity.com/articles/Securing_Server_2003_Domain_Controllers.html

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JammyPakCommented:
I think that the name you give a server is pretty far down the list in terms of how to secure it...but, I would certainly recommend not making your names too obvious - particularly for anything you're putting in a public DNS (don't use VPN, RAS, etc in the host name!)

To hide a server from network neighbourhood:

NET CONFIG SERVER /HIDDEN:YES
Kini pradeepDevelopment ManagerCommented:
there is no definite way to secure the DC, but yes there are several ways of securing the domain or the enterprise.

run MBSA and keep all the security updates up to date.
you can use certificates and PKI as well and also use IPsec.
these are just a few ways there could be several more.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.