ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload


leetupload.com
19.07.2013 Views

Active Directory Checklist, V1R1.2 (22 September 2006)
Field Security Operations, Defense Information Systems Agency
UNCLASSIFIED

3. SYSTEM ADMINISTRATOR / INFORMATION ASSURANCE OFFICER INTERVIEW QUESTIONS

This section of the Checklist provides questions that must be asked of the System Administrator (SA) or the Information Assurance Officer (IAO) in an interview during the review. The responses to these questions may be recorded on a copy of the Review Results Report in Section 2.

3.1 Review Process Information

The text in this section identifies a single individual, by role, to respond to the interview questions. In most cases this is the IAM or IAO. However, it is understood that in many cases the information will come from an SA or application SA.

The following items should be available to accelerate the interview process:

- Locations of AD forest root FSMO domain controllers [This includes the Windows server(s) holding the Domain Naming Master, Schema Master, PDC Emulator, RID Master, and Infrastructure Master FSMO roles.]
- Locations of AD domain controllers and AD sites, relative to the local Enclave network boundaries
- Lists of accounts assigned to AD privileged groups (Domain Admins, Enterprise Admins, Schema Admins, Group Policy Creator Owners, and Incoming Forest Trust Builders)
- List of accounts with the right to create AD objects (e.g., accounts, printers), but that are not members of the built-in AD privileged groups.
- Backup and continuity of operations or disaster recovery documents related to the Windows domain controllers
- Information about specific directory synchronization and maintenance applications that are implemented. This includes products such as CPS Systems SimpleSync, Microsoft Identity Integration Server (MIIS), and Microsoft Identity Integration Feature Pack (IIFP).

Please note that it would be significantly more efficient to gather this information prior to the start of a review. Appendix B Section B.1, Pre-Trip Information Gathering, provides lists of interview questions and documentation items that should be used in advance to assemble the required information.

Please reference Appendix D, Directory Information Gathering, for tools and procedures that can be used to gather some of the information required for a review. In particular, Section D.1.3, Identifying Holders of FSMO Roles, can be used to gather the current FSMO information for the AD environment.
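One way to collect the first three items in the list above (FSMO role holders, domain controllers with their AD sites, and privileged group membership) ahead of the interview. This is an added example, not part of the checklist or its Appendix D procedures. It assumes a domain-joined host with the ActiveDirectory PowerShell module (RSAT) installed, and the function names are hypothetical.

```powershell
# Added example: read-only inventory of review items. Assumes the
# ActiveDirectory module (RSAT); function names are illustrative.
Import-Module ActiveDirectory

function Get-ReviewFsmoHolders {
    # Forest-wide roles live on the forest object; the other three are
    # per domain, read here from the forest root domain.
    $forest = Get-ADForest
    $root   = Get-ADDomain -Identity $forest.RootDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $root.PDCEmulator
        RIDMaster            = $root.RIDMaster
        InfrastructureMaster = $root.InfrastructureMaster
    }
}

function Get-ReviewDomainControllers {
    param([string]$Domain = (Get-ADForest).RootDomain)
    # Host name, AD site and address of each DC, for mapping against enclave boundaries.
    Get-ADDomainController -Filter * -Server $Domain |
        Select-Object HostName, Site, IPv4Address, IsGlobalCatalog
}

function Get-ReviewPrivilegedMembers {
    param([string]$Domain = (Get-ADForest).RootDomain)
    $groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
              'Group Policy Creator Owners', 'Incoming Forest Trust Builders'
    foreach ($group in $groups) {
        try {
            # -Recursive expands nested groups to the accounts that hold the privilege.
            $members = @(Get-ADGroupMember -Identity $group -Server $Domain -Recursive -ErrorAction Stop)
        } catch {
            # Forest-level groups exist only in the forest root domain.
            [pscustomobject]@{ Group = $group; Member = '(group not found or unreadable)'; Class = $null }
            continue
        }
        if ($members.Count -eq 0) {
            [pscustomobject]@{ Group = $group; Member = '(no members)'; Class = $null }
        }
        foreach ($m in $members) {
            [pscustomobject]@{ Group = $group; Member = $m.SamAccountName; Class = $m.objectClass }
        }
    }
}

Get-ReviewFsmoHolders | Format-List
Get-ReviewDomainControllers | Format-Table -AutoSize
Get-ReviewPrivilegedMembers | Format-Table -AutoSize
```

In a multi-domain forest, run the last two functions once per domain with `-Domain`, since Domain Admins and Group Policy Creator Owners exist in every domain.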

