Export (0) Print
Expand All

Best Practices for Securing Name Resolution

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

Microsoft System Center Configuration Manager 2007 relies on name resolution to locate Configuration Manager 2007 services. For more information about service location, see Configuration Manager and Service Location (Site Information and Management Points).

Do not rely on WINS for name resolution     WINS is not considered a secure method of name resolution because there are no mitigations to prevent attackers from modifying the WINS database, spoofing WINS traffic on the network, or reading the WINS data as it traverses the network. Extend the Active Directory schema for Configuration Manager 2007 to provide more secure lookup for Configuration Manager 2007 services and site systems, and use Active Directory-integrated Domain Name Service (DNS) to provide more secure name resolution.

Specify FQDNs for all site systems and senders    If you specify only a short name when configuring site systems and sender addresses, either NetBIOS or host name, Configuration Manager 2007 will attempt to locate the resource using the DNS search suffixes and using NetBIOS name resolution. Specifying the fully qualified domain name (FQDN) reduces the likelihood that an attacker can impersonate the destination site server by spoofing the name or using a WINS attack. For more information, see Determine If You Will Use FQDN Server Names.

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft