Scope of This Guide (Best Practices for Securing Active Directory Installations)
Updated: December 2, 2007
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2
Although network operating system (NOS) security relies on secure design principles and operating practices for all components in the operating system, the scope of this guide is limited to recommendations for deploying and securing Active Directory domain controllers. Other security topics, such as planning for secure network connectivity and secure clients, are not addressed in this guide. For more information about those topics, see "Planning a Secure Environment," "Designing a Public Key Infrastructure," and "Planning a Smart Card Deployment" in Designing and Deploying Directory and Security Services of the Microsoft® Windows® Server 2003 Deployment Kit. These chapters are also available on the Web: "Planning a Secure Environment" at http://go.microsoft.com/fwlink/?LinkId=20374, "Designing a Public Key Infrastructure" at http://go.microsoft.com/fwlink/?LinkId=4735, and "Planning a Smart Card Deployment" at http://go.microsoft.com/fwlink/?LinkId=4736.
The process flow that is described in this guide is designed to create a secure domain controller environment by providing guidelines for Active Directory deployment and administrative policies and practices. These guidelines can be applied to both new and existing Active Directory infrastructures. In addition, because Domain Name System (DNS) is an integral component of Active Directory, this guide also includes guidelines for administrative policies and practices for DNS on a domain controller. For more information, see "Securing DNS" later in this guide.
Figure 1 depicts the process flow for the recommendations in this guide.