ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

Active Directory Checklist, V1R1.2 Field Security Operations
22 September 2006 Defense Information Systems Agency

C.1.1 AD Domain Controller Asset Data

As noted above, the asset data for AD Domain Controllers is stored in VMS under Computing (host) assets that are defined with a Windows server OS Asset Posture and the Domain Controller Role.

Because Asset Posture data is captured at the time a Windows domain controller is registered in VMS, no additional asset data needs to be entered to allow AD Domain Controller data (for an AD implementation review) to be stored. Please refer to the appropriate appendix in the Windows 2000 Security Checklist and the Windows Server 2003 Security Checklist documents for details on VMS procedures for defining and accessing the asset data.

C.1.2 AD Domain Asset Data

Asset data for an AD domain is stored in VMS as a Non-Computing asset with the Asset Posture “Active Directory Domain”. Therefore, it is necessary to define a new VMS asset the first time an AD domain is reviewed.

The following procedure describes the steps needed to access the AD domain VMS asset data.

1. Log on to the VMS application.

2. Select the Asset Finding Maint. menu item.

3. Select the Assets / Findings menu item.

4. [SAs] Expand the By Location branch, navigate to the correct location, and expand the location.
   [Reviewers] Expand the Visit branch, navigate to the correct visit, and expand the visit.

5. Expand the Non-Computing item.

6. If a new Active Directory Domain asset needs to be created:

   a. Select the Create Non-Computing Asset icon.

   b. Enter the asset information on the General tab:
      - It is highly recommended that the format “AD-Domain(fully-qualified-domain-name)” be used in the Display Name field so that future automation efforts are more easily implemented. The fully-qualified-domain-name is the DNS-style name of the domain. An example of this format is: “AD-Domain(aofn21.disa.mil)”.
      - The Classification, MAC, and Confidentiality fields should reflect the highest levels for any of the servers or workstations that are members of the AD domain.

   c. Enter the asset information on the Systems / Enclaves tab:
      - Determine the enclave in which the asset resides. For registered enclaves, select the enclave from the Available Enclaves list. If the enclave is not present, ensure that the IAM or Team Lead works with the appropriate site personnel to request an enclave.

   d. Enter the asset information on the Additional Details tab.

UNCLASSIFIED
C-2
