Single forest with multiple child domains. Roughly 10K users forest wide. AD db is roughly 200MB
Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected] Phone: 610-807-6459 Fax: 610-807-6003 _____ From: [email protected] [mailto:[email protected]] Sent: Thursday, April 23, 2009 10:07 AM To: NT System Admin Issues Subject: Re: Win2k8-Gold Build Question Just curious of your forest\domain setup. Are you single forest single domain? How many users? how large is your DIT file? I am trying to plan partition sizes for 2008 now as well. On Thu, Apr 23, 2009 at 8:18 AM, Christopher Bodnar <[email protected]> wrote: I am not recommending any of these settings, just passing on our choices: Our standard 2003 build used a 17G partition, we bumped this up to 34G for 2008. Mostly due to the size of the Winsxs directory and the inability to really manage it's size. Disable IPv6 Disable Link-layer Topology Discovery Mapper I/IO Driver Disable Link-layer Topology Discovery Responder Disable UAC Disable IE ESC for Administrators Page file on separate partition Enable PAE YMMV Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected] Phone: 610-807-6459 Fax: 610-807-6003 -----Original Message----- From: Juned Shaikh [mailto:[email protected]] Sent: Thursday, April 23, 2009 12:00 AM To: NT System Admin Issues Subject: Win2k8-Gold Build Question Am sure many on these must have gone to similar exercise.. Finally got an approval to build a gold win2k8std-image for generic server rollout, but had to review and advice on all available guidelines and best practices. And I would like to tap on this vast knowledge pool of this list: Considering, I am building a gold VM - Win2k8 Std.. 1) What should be the standard C drive.. (base install itself gobbles over 10GB) 2) What are the current published and credible hardening guidelines? 3) What security template tweaks everyone on this list has done on their builds ? 4) What Roles and features should be part of standard build.. i.e. Powershell, Telnet client? 5) Firewall rules: Apart from allowing ICMP response and RDP.. what else should be allowed? I know it has many variations, but any pointers will be much appreciated. Thanks in advance, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
