The world's most trusted forum on Active Directory Security
I would like to request some assistance in obtaining a list of server hardening guidelines for Domain Controllers, as we are reviewing our Active Directory for potential threats/risks, and wish to enhance the security afforded to our DCs.
We have already taken steps to ensure the physical security of all our DCs, including those placed in our branch offices. We have also placed firewalls in front of our DCs and adequately configured them for optimal security.
However, we are a little unsure as to how to harden the DCs themselves. For example, what file systems ACLs to set, what group policies to set, what services to disable and what applications not to run on our DCs.
Instead of reinventing the wheel, I thought of seeking your input on this forum, as it seems like many others on this forum would probably have deal with this requirement in their experience.
If you could kindly share some thoughts and ideas, it would be helpful and appreciated.