Implementing Security on Domain Controllers
To prevent attacks against Windows 2000 and Windows Server 2003 domain controllers, you must implement security measures that lessen the vulnerabilities. These security measures range from physically securing domain controllers to prevent direct access by attackers to logically configuring domain controllers to reduce threats. Specifically, you must take the following security measures to secure Windows 2000 and Windows Server 2003 domain controllers:
Provide physical security.
Increase the security of stored passwords.
Eliminate nonessential services.
Apply security settings by using Group Policy.
Protect against the failure of a domain controller.
Implement Syskey.
Secure built-in accounts and groups. ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
