Solved

Windows 2008 Active Directory Harden

Posted on 2013-06-25
4
502 Views
Last Modified: 2013-07-10
My 2008 active directory is pretty basic.  I would like to substantially harden it from a security perspective for the users.  Any suggestions?
0
Comment
Question by:deklinm
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 39276256
Take a look at the two documents I referenced in the blog below

http://adisfun.blogspot.com/2013/05/software-on-domain-controllers.html

If you want to look at DoD/military standards take a look at the DISA STIGS

http://iase.disa.mil/stigs/os/windows/2008r2.html

Also download security compliance manager   http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx

Lots of great guides to help you lockdown the system.



Thanks

Mike
0
 
LVL 9

Assisted Solution

by:MHMAdmins
MHMAdmins earned 167 total points
ID: 39276260
I would lock down permissions on your AD to users with read, and your domain admin with full control over the AD console. You can do this by right clicking on the OU container and go to the security tab and verify your permissions in the DACL.
0
 
LVL 13

Assisted Solution

by:Jaihunt
Jaihunt earned 166 total points
ID: 39277535
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39280008
Hi.

Sometimes I wonder if we should not start abandoning these buzz words: "hardening", "lockdown" and so on: nobody defines what he is looking for anymore.

"harden it for the users" - what should that mean? Making it somewhat harder for the users to... to...? Please clarify what you are looking for: what are you trying to protect against whom/against what threat and what technical difficulties do you see doing so that we can assist you with?
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now