Our management is bringing an external security auditor to audit Domain Controllers and a File server that I am managing now, please help I need an expert advice to understand what all are the important security best practices or check list should follow to pass the security audit successfully.
The domain controllers are running on windows 2008 with following:-
3)Global Catalog (GC)
One file server which is ruining on windows 2012 R2 all share level and NTFS permissions are properly configured
So far what did is as follows:-
Security check list for Domain Controllers:-
1)Installed Antivirus:- McAfee VirusScan Enterprise +Antispyware Enterprise
2)Windows is updated to latest
3)Firewall is enabled with appropriate port exceptions
4)DNS is configured with Secure Dynamic Updates and Reverse lookups are properly configured
5)DHCP is Authorized in Active Directory
6)Unused service accounts are deleted and all the administrator group memberships are properly reassigned
7)Password Policies implemented:-
Enforce password history 10 passwords remembered
Maximum password age 30 days
Minimum password age 0 days
Minimum password length 8 characters
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Enabled
8)Account Lockout Policy
Account lockout duration 60 minutes
Account lockout threshold 5 invalid logon attempts
Reset account lockout counter after 60 minutes
9)Implemented GPO to auto lock system after 5 minutes of Idle time
10)Implemented GPO to set Default Desktop wallpaper for all systems
11)This is where I'm stuck.
Expert can you please advise me what all remaining things I have to concentrate to tighten the AD security
Security check list for file server:-
1) Installed Antivirus:- McAfee VirusScan Enterprise +Antispyware Enterprise
2) Windows is updated to latest
3) Firewall is enabled with appropriate port exceptions
4) All shared folder are made Hidden
5) All the shared folders are Assigned with correct share and NTFS permission
6) This is where I'm stuck. Expert can you please advise me what all remaining things I have to concentrate to tighten the File Server security
The goal is to pass the security audit on Domain Controllers and File Server.
Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately.
This Article and the Links apply to…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders.
Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…