Additional Security Configuration

In addition to the security configuration that can be done in GPOs and security templates, other items should be addressed:

  • Group membership— Membership in groups that have administrative privileges should be carefully considered and monitored. Examples of groups to pay particular attention to are Enterprise Admins and Schema Admins. Enterprise Admins can administer every domain in the forest and have additional forest-wide administration privileges not given to Domain Admins. Membership in Enterprise Admins should be restricted. Schema Admins can modify the Active Directory schema, a privilege that should not be given out lightly; in fact, best practices recommend that this group be empty until the need to ...
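
One way to monitor the two forest-wide groups named in the group-membership item above, as an added example that is not from the book. It assumes the ActiveDirectory PowerShell module is available on the management host; the approved-member list, the `ea-admin1` account and the `Get-UnapprovedMember` helper are hypothetical names made up for illustration.

```powershell
# Added example: compare Enterprise Admins and Schema Admins with an approved list.
# Assumption: the ActiveDirectory module is installed and the caller can read
# the forest root domain.
Import-Module ActiveDirectory

# Hypothetical allowlist (constructed sample values); replace with the accounts
# your organization has actually approved.
$Approved = @{
    'Enterprise Admins' = @('ea-admin1')
    'Schema Admins'     = @()    # kept empty, so any member is a finding
}

# Both groups exist only in the forest root domain.
$RootDomain = (Get-ADForest).RootDomain

# Hypothetical helper: returns every direct or nested member of the group
# that is not on the approved list.
function Get-UnapprovedMember {
    param(
        [string]$GroupName,
        [string[]]$Allowed,
        [string]$Server
    )
    Get-ADGroupMember -Identity $GroupName -Server $Server -Recursive |
        Where-Object { $Allowed -notcontains $_.SamAccountName } |
        Select-Object @{ n = 'Group'; e = { $GroupName } },
                      SamAccountName, objectClass, distinguishedName
}

$findings = foreach ($group in $Approved.Keys) {
    Get-UnapprovedMember -GroupName $group -Allowed $Approved[$group] -Server $RootDomain
}

if ($findings) {
    # Non-zero exit lets a scheduled task or monitoring job raise an alert.
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output 'Enterprise Admins and Schema Admins match the approved list.'
```

Run on a schedule, the non-zero exit code gives a monitoring job something to alert on when either group gains an unapproved member.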
