Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 2008 Active Directory Harden

Posted on 2013-06-25
4
Medium Priority
?
519 Views
Last Modified: 2013-07-10
My 2008 active directory is pretty basic.  I would like to substantially harden it from a security perspective for the users.  Any suggestions?
0
Comment
Question by:deklinm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 668 total points
ID: 39276256
Take a look at the two documents I referenced in the blog below

http://adisfun.blogspot.com/2013/05/software-on-domain-controllers.html

If you want to look at DoD/military standards take a look at the DISA STIGS

http://iase.disa.mil/stigs/os/windows/2008r2.html

Also download security compliance manager   http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx

Lots of great guides to help you lockdown the system.



Thanks

Mike
0
 
LVL 9

Assisted Solution

by:MHMAdmins
MHMAdmins earned 668 total points
ID: 39276260
I would lock down permissions on your AD to users with read, and your domain admin with full control over the AD console. You can do this by right clicking on the OU container and go to the security tab and verify your permissions in the DACL.
0
 
LVL 13

Assisted Solution

by:Jaihunt
Jaihunt earned 664 total points
ID: 39277535
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39280008
Hi.

Sometimes I wonder if we should not start abandoning these buzz words: "hardening", "lockdown" and so on: nobody defines what he is looking for anymore.

"harden it for the users" - what should that mean? Making it somewhat harder for the users to... to...? Please clarify what you are looking for: what are you trying to protect against whom/against what threat and what technical difficulties do you see doing so that we can assist you with?
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Here's a look at newsworthy articles and community happenings during the last month.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question