ActiveDirSec.Org

A global online community of Active Directory Security Professionals


 
 
ActiveDirSec.Org -> Domain Controller Security -> Should Domain Controllers be placed in Separate Server rooms?
Post InfoTOPIC: Should Domain Controllers be placed in Separate Server rooms?
Andy



Newbie

Posts: 1
Date: June 11th
Should Domain Controllers be placed in Separate Server rooms?
 

Hi Y'all,

 

I am interested in learning about your thougts on protecting domain controllers (DCs), in particularly in determining whether should be placed in separate server rooms.

Currently all our DCs reside in the data center along with other web, database and application servers and the entire datacenter is managed by a team of IT server operators (about 30 or so) all of whom have equal access to all servers including all DCs. Not all of them are Domain Admins though, but I believe they are all part of the Server Operators Builtin group in our domain.

As we evaluate the security of our environment, the question of whether to move all DCs into a separate room, and under the administration of only a handful of Domain Admins came up, and thus my question.

Are we taking on any additional risk by letting them be in the data center, or should be moving  them to a special designated room?

 

Thanks,

Andy

__________________
Music is the soul of life!
Page 1 of 1 sorted by
 

Quick Reply
Please log in to post quick replies.
ActiveDirSec.Org -> Domain Controller Security -> Should Domain Controllers be placed in Separate Server rooms?
Jump To:


Post to Del.icio.usPost to FacebookPost to Digg

Members Login
Username
 
Password


Brought to you by former Microsoft Program Manager for Active Directory Security, author of Microsoft's official delegation whitepaper and architect of Gold Finger, the world's first and only accurate security and access Active Directory reporting tool featuring 100 essential security and delegated access reports.