Tips for Security Active Directory

1. Document What You Have
2. Control Your Administration
3. Limit the Number of Administrators
4. Test Group Policy Settings
5. Use Separate Administrative Accounts
6. Restrict Elevated Built-In Groups
7. Use a Dedicated Terminal Server for Administration
8. Disable Guest and Rename Administrator
9. Limit Access to the Administrator Account
10. Watch the DSRM Password
11. Enforce Strong Password Rules
12. Protect the Service Account’s Password
13. Make Sure that Each DC is Physically Secure
14. Minimize Unnecessary Services and Open Ports
15. Make the DC Time Source Secure
16. Audit Important Events
17. Use IPsec
18. Don’t Store LAN Manager Hash Values
19. Don’t Forget Your Business Practices

This was obtained from May volume of Microsoft Technet Magazine. The full article can be obtained by visiting

http://www.microsoft.com/technet/technetmag/issues/2006/05/SmartTips/default.aspx