Securing the Domain Controller Build Environment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

The domain controller build environment is the network environment (routers, network segments, switches, and so forth) and physical room (datacenter, secured room, wiring closet, utility closet, and so forth) in which you build your domain controllers. Depending on your IT organizational infrastructure, you might have a centralized datacenter that is secure, both from a network and physical perspective. Alternatively, your IT organizational infrastructure might have locations that are not secure from either perspective, such as branch offices.

Building Domain Controllers in Datacenter Environments

Whenever possible, build your domain controllers in a secure environment, such as a datacenter. Building your domain controllers in a secure datacenter environment reduces security risks by restricting domain controller access to trusted personnel during the critical build process. This security helps prevent rogue applications, drivers, services, or configurations from being introduced by unauthorized personnel.

If possible, build domain controllers in a datacenter environment, and then ship them to the final location for deployment. This deployment approach is referred to as a staged domain controller deployment.

To help ensure that a domain controller stays secure until deployment, use a trusted shipping method to ship the domain controller to the final location. For example, use a method that requires signatures for the domain controller at the origination and destination locations. Building and shipping the domain controller this way will help protect the integrity of the domain controller.

For more information about building or staging domain controllers, see the Active Directory Branch Office Planning Guide on the Web Resources page at https://go.microsoft.com/fwlink/?LinkId=28523.

Building Domain Controllers in Branch Office Environments

If your organization supports branch offices, in some instances you might need to build domain controllers in this relatively insecure environment. For example, you might need to replace a failed domain controller on-site. Table 4 lists recommendations and the corresponding rationales for building domain controllers in branch offices.

Table 4 Recommendations for Building Domain Controllers in Branch Offices

| Recommendation | Rationale |
| --- | --- |
| Limit physical access to domain controllers to trusted personnel only. | To avoid the theft of directory data or the possibility of an altered, less secure domain controller configuration through human intervention. |
| Use an automated method, such as a script, for operating system installation and Active Directory installation. | To reduce the possibility of human intervention, which could result in a vulnerable domain controller configuration. |
| Promote and operate new domain controllers in a restricted access area. | To prevent unauthorized users from compromising the security of the domain controller. |
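
As an illustration of the automated installation recommended in Table 4, the following answer file is an added example, not part of the original guidance. It uses the Windows Server 2008 and Windows Server 2008 R2 `dcpromo /unattend` syntax to promote an additional domain controller without operator choices at the console. The domain name, account name, site name and file paths are constructed placeholders.

```ini
; dcpromo-replica.txt (constructed example; all values are placeholders)
; Run from the restricted build area with:
;   dcpromo /unattend:C:\build\dcpromo-replica.txt
[DCInstall]
; Join an existing domain as an additional domain controller.
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=corp.example.com
SiteName=Branch-Site-Placeholder

; Account used for the promotion. Password=* makes dcpromo prompt for the
; password, so the credential is never written into this file.
UserDomain=corp.example.com
UserName=dc-build-account
Password=*

; Fixed, reviewed locations for the directory database, logs and SYSVOL,
; so that every build produces the same layout.
DatabasePath=D:\NTDS
LogPath=E:\NTDSLogs
SYSVOLPath=D:\SYSVOL

InstallDNS=Yes
ConfirmGc=Yes

; Directory Services Restore Mode password. Fill this in at build time from
; a secured source and delete the file when the promotion has finished.
SafeModeAdminPassword=<set-at-build-time>

RebootOnCompletion=Yes
```

Keeping the file under change control, with the password fields left empty or set to prompt, lets each branch office build be compared against a known-good configuration.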