From: "Sullivan Tim P" <tim.sullivan (at) nativemode (dot) com [email concealed]>
>To: <focus-ms (at) securityfocus (dot) com [email concealed]>
>
>I am in need of some supporting documentation relating to Domain
>Controllers.
>
>The situation is this. A medium sized school would like their single DC
>to also be a file server. This DC would be serving about 300 people,
>along with another file server and an email server.
>
>My initial recommendation is multiple domain controllers for the simple
>reason of fault tolerance of the schema. They buy this.
>
>However, they would like to see technical documentation saying that it
>is not a good idea to have a domain controller share roles as a DC and a
>file server.=20
>
>One of my main concerns, aside from load, is that high school age kids
>are using the network. They like to poke and prod. I would rather them
>not even poke at the DC. Also, as the DC has no local security database,
>you can no longer use permission assignment best practice. To me it just
>seems like a bad idea, but I need documentation to back it up.
>
>Can anyone offer resources to illustrate this? I am scouring technet and
>the MS AD deployment docs now.
>
>Thanks,
>Tim
>
>=20
>
>______________________
>Tim Sullivan
>Nativemode Technologies
>(623) 910-4700
>tim (at) nativemode (dot) com [email concealed]
>
>-----------------------------------------------------------------------
----
>-----------------------------------------------------------------------
----
>
>
Hi Tim there are some very good Guides avcailable from the NSA for free on their website that should give you just what you need.
Quote from the AD Guide
"Domain controllers contain sensitive information, such as copies of users? secret keys used for domain authentication. Therefore, the security of domain controllers should be a high priority."
You may want to look at several of the guides to get what you need all in one spot
links follow:
All Guides: Many to choose from !!!!
http://www.nsa.gov/snac/downloads_all.cfm?MenuID=scg10.3.1
MS - AD Guide
http://www.nsa.gov/snac/os/win2k/w2k_active_dir.pdf
Hope this helps!
Matthew S Barnes
bFinity Incorporated
www.bfinity.net
>To: <focus-ms (at) securityfocus (dot) com [email concealed]>
>
>I am in need of some supporting documentation relating to Domain
>Controllers.
>
>The situation is this. A medium sized school would like their single DC
>to also be a file server. This DC would be serving about 300 people,
>along with another file server and an email server.
>
>My initial recommendation is multiple domain controllers for the simple
>reason of fault tolerance of the schema. They buy this.
>
>However, they would like to see technical documentation saying that it
>is not a good idea to have a domain controller share roles as a DC and a
>file server.=20
>
>One of my main concerns, aside from load, is that high school age kids
>are using the network. They like to poke and prod. I would rather them
>not even poke at the DC. Also, as the DC has no local security database,
>you can no longer use permission assignment best practice. To me it just
>seems like a bad idea, but I need documentation to back it up.
>
>Can anyone offer resources to illustrate this? I am scouring technet and
>the MS AD deployment docs now.
>
>Thanks,
>Tim
>
>=20
>
>______________________
>Tim Sullivan
>Nativemode Technologies
>(623) 910-4700
>tim (at) nativemode (dot) com [email concealed]
>
>-----------------------------------------------------------------------
----
>-----------------------------------------------------------------------
----
>
>
Hi Tim there are some very good Guides avcailable from the NSA for free on their website that should give you just what you need.
Quote from the AD Guide
"Domain controllers contain sensitive information, such as copies of users? secret keys used for domain authentication. Therefore, the security of domain controllers should be a high priority."
You may want to look at several of the guides to get what you need all in one spot
links follow:
All Guides: Many to choose from !!!!
http://www.nsa.gov/snac/downloads_all.cfm?MenuID=scg10.3.1
MS - AD Guide
http://www.nsa.gov/snac/os/win2k/w2k_active_dir.pdf
Hope this helps!
Matthew S Barnes
bFinity Incorporated
www.bfinity.net
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]