From Windows PAW Security Technical Implementation Guide
Part of PAW-00-001300
Associated with: CCI-000366 CCI-001082
Domain controllers (DC) are usually the most sensitive, high-value IT resources in a domain. Dedicating a PAW to be used solely for managing domain controllers will aid in protecting privileged domain accounts from being compromised.
If domain controllers and directory services are only managed with local logons to domain controllers, not remotely, this requirement is not applicable. Discuss with the Information System Security Manager (ISSM) or PAW system administrators and review any available site documentation. Verify that a site has designated specific PAWs for the sole purpose of remote management of domain controllers and directory service servers. Review any available site documentation. Verify that any PAW used to manage domain controllers and directory services remotely are used exclusively for managing domain controllers and directory services. If the site has not designated specific PAWs for the sole purpose of remote management of domain controllers and directory service servers, this is a finding. If PAWs used for managing domain controllers and directory services are used for additional functions, this is a finding.
Set aside one or more PAWs for remote management of Active Directory. Ensure they are used only for the purpose of managing directory services. Otherwise, use the local domain controller console to manage Active Directory.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer