Best Practices
Physically secure domain controllers. All domain controllers should be stored in network server rooms secure from unauthorized personnel. A domain controller should not be used as a desktop computer. The domain controllers ideally should be stored in a card-key-access room where access is restricted to network administrators.
Leave domain controller computer accounts in the Domain Controllers OU. Domain controllers should have consistent application of security settings. You can ensure that the same security settings are applied to all domain controllers by keeping domain controllers in a common OU. The Domain Controllers OU is defined by default as the Active Directory storage location for domain controller computer accounts. ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
