See: http://www.cisecurity.org/tools2/win2000/CIS_Win2003_DC_Benchmark_v1.2.pdf Happy reading. Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Edwin Sent: Sat 3/4/2006 7:17 PM To: [email protected] Subject: [ActiveDir] How Secure is a Domain Controller? How Secure is a Domain Controller that is fully patched on a default install of Windows 2003? When promoted the domain controller has the two default policies, both of which are recommended not to be modified. But there are things that could be done better for added security. For example, NTLMv2 refuse NTLM and LM. Is it common practice to add additional GPO's to the DC OU? Or is DC protected enough to where all that is needed to worry about are the member machines? If adding additional GPO's to the DC OU, is there anything that should definitely be avoided? Edwin List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
