Example: Creating a Foundation for Authentication

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

An organization that includes 2,100 users and 3,700 computers created an authentication strategy when they deployed Windows Server 2003 in their environment. Because computers in their environment are running versions of the Windows operating system earlier than Windows 2000, they need to support LAN Manager authentication. They decided to make members of the help desk staff and the Administrators group responsible for user account management, and delegated computer account management to the help desk staff.

The organization secured their service accounts by running only required services on domain controllers and restricting the number of individuals who are able to administer services. They assigned the Log on locally, Access this computer from the network, and Log on over network rights to Domain Admins and Domain Users, but not to Guest accounts, to protect the security of their system. They granted the Reset accounts and Create account policies to help desk staff to reduce the administrative burden on domain administrators.

Figure 14.3 shows the worksheet that the organization created to document their authentication strategy plan.

Figure 14.3   Example of an Authentication Strategy Planning Worksheet