ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

Active Directory Checklist, V1R1.2
Field Security Operations
22 September 2006
Defense Information Systems Agency

3. SYSTEM ADMINISTRATOR / INFORMATION ASSURANCE OFFICER INTERVIEW QUESTIONS

This section of the Checklist provides questions that must be asked of the System Administrator (SA) or the Information Assurance Officer (IAO) in an interview during the review. The responses to these questions may be recorded on a copy of the Review Results Report in Section 2.

3.1 Review Process Information

The text in this section identifies a single individual, by role, to respond to the interview questions. In most cases this is the IAM or IAO. However, it is understood that in many cases the information will come from an SA or application SA.

The following items should be available to accelerate the interview process:

- Locations of AD forest root FSMO domain controllers [This includes the Windows server(s) holding the Domain Naming Master, Schema Master, PDC Emulator, RID Master, and Infrastructure Master FSMO roles.]
- Locations of AD domain controllers and AD sites, relative to the local Enclave network boundaries
- Lists of accounts assigned to AD privileged groups (Domain Admins, Enterprise Admins, Schema Admins, Group Policy Creator Owners, and Incoming Forest Trust Builders)
- List of accounts with the right to create AD objects (e.g., accounts, printers), but that are not members of the built-in AD privileged groups.
- Backup and continuity of operations or disaster recovery documents related to the Windows domain controllers
- Information about specific directory synchronization and maintenance applications that are implemented. This includes products such as CPS Systems SimpleSync, Microsoft Identity Integration Server (MIIS), and Microsoft Identity Integration Feature Pack (IIFP).

Please note that it would be significantly more efficient to gather this information prior to the start of a review. Appendix B Section B.1, Pre-Trip Information Gathering, provides lists of interview questions and documentation items that should be used in advance to assemble the required information.

Please reference Appendix D, Directory Information Gathering, for tools and procedures that can be used to gather some of the information required for a review. In particular, Section D.1.3, Identifying Holders of FSMO Roles, can be used to gather the current FSMO information for the AD environment.
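The pre-interview items listed above (FSMO role holders, domain controllers and their sites, privileged-group membership, and accounts able to create objects without being in a privileged group) can be collected with the following script. It is an added example, not part of the DISA checklist or its Appendix D, and assumes Windows PowerShell 3.0 or later with the RSAT ActiveDirectory module on a domain-joined host that has read access to the directory.

```powershell
# Added example (not from the DISA checklist): collects the Section 3.1 items read-only with
# the RSAT ActiveDirectory module, which is assumed to be installed (PowerShell 3.0 or later).
Import-Module ActiveDirectory
$forest = Get-ADForest
$domain = Get-ADDomain

# 1. FSMO role holders: the two forest-wide roles are forest properties, the other three
#    are properties of the current domain (the information Appendix D, Section D.1.3 asks for).
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# 2. Domain controllers with their AD site, to compare against the enclave boundaries.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IPv4Address, IsGlobalCatalog, IsReadOnly | Format-Table -AutoSize

# 3. Recursive membership of the privileged groups the checklist names. Enterprise Admins
#    and Schema Admins exist only in the forest root domain, so they are queried there.
$groups = @(
    @{ Name = 'Domain Admins';                  Server = $domain.DNSRoot },
    @{ Name = 'Group Policy Creator Owners';    Server = $domain.DNSRoot },
    @{ Name = 'Incoming Forest Trust Builders'; Server = $domain.DNSRoot },
    @{ Name = 'Enterprise Admins';              Server = $forest.RootDomain },
    @{ Name = 'Schema Admins';                  Server = $forest.RootDomain }
)
$members = foreach ($g in $groups) {
    try {
        Get-ADGroupMember -Identity $g.Name -Server $g.Server -Recursive |
            Select-Object @{ n = 'Group'; e = { $g.Name } }, SamAccountName, objectClass
    } catch { Write-Warning "Could not enumerate $($g.Name) on $($g.Server): $_" }
}
$members | Format-Table -AutoSize

# 4. Explicit (non-inherited) Allow ACEs granting CreateChild on the domain head and each OU,
#    excluding the privileged groups themselves: a starting point for the list of accounts that
#    can create AD objects without being in a privileged group. Review each hit by hand.
$privNames  = $groups | ForEach-Object { $_.Name }
$containers = @($domain.DistinguishedName) +
              @(Get-ADOrganizationalUnit -Filter * | ForEach-Object { $_.DistinguishedName })
$delegated = foreach ($dn in $containers) {
    (Get-Acl -Path "AD:\$dn").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and -not $_.IsInherited -and
                       $_.ActiveDirectoryRights -match 'CreateChild' -and
                       ($_.IdentityReference.Value -split '\\')[-1] -notin $privNames } |
        Select-Object @{ n = 'Container'; e = { $dn } }, IdentityReference, ActiveDirectoryRights
}
$delegated | Format-Table -AutoSize
```

Step 4 only inspects the domain head and organizational units; object-creation rights delegated on other containers or on individual objects are not covered and still need a separate check.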

UNCLASSIFIED

3-1
