The world's most trusted forum on Active Directory Security

Post Info TOPIC: Privileged Account Management in Active Directory Environments


Posts: 4
Date: Aug 5, 2013

Hello Forum,

We are in the process of hardening our internal Active Directory security controls, and as a part of this project, one of the things we are working on is Privileged Account Management in our Active Directory environment.

The priority of this project has recently been raised by management in light of a whitepaper released by Microsoft IT on Active Directory Security. They (management) have requested a status update of current AD security state, as well as assigned some specific projects, including this one, so we are trying to get this done on a priority basis.

We have a decent idea of what this entails, but thought we would get some additional inputs so as to ensure that we're not missing out on any major aspect of this critical AD security control. I would appreciate it if you could look at our list below and let us know if we are missing anything:

1. Secure the Domain Admins, Enterprise Admins and Builtin Admins groups

2. Enumerate complete membership of these privileged AD admin security groups

3. Try to reduce the membership of these groups to minimum possible level

4. Establish secure administrative practices for all members of these groups

5. Identify who can manage (change) these security group memberships

6. Enable auditing of group membership changes for each of these groups

While this may seem like a simplistic list, we are going into sufficient details in this regard, so I have not mentioned the details, but merely the main points we are looking at.

If anyone feels that we might be missing any big ticket item on this list, kindly share your thoughts. Also, any additional/helpful ideas/thoughts are always welcome!

I look forward to and thank you all for your inputs.
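
An added illustration for item 2 of the list above (not part of the original post): "complete membership" of a privileged group includes accounts that arrive through nested groups, so this sketch expands nesting, tolerates circular nesting, and records the path by which each account gets in. The group contents and account names are constructed sample data, and the dictionary stands in for an export of each group's `member` attribute.

```python
from collections import deque

# Constructed sample data (hypothetical names): group -> direct members,
# as it would look in an export of each group's "member" attribute.
DIRECT_MEMBERS = {
    "Domain Admins": ["alice", "Tier0-Operators", "svc-backup"],
    "Enterprise Admins": ["alice", "Domain Admins"],
    "Administrators": ["Domain Admins", "Enterprise Admins", "Helpdesk-Leads"],  # builtin group
    "Tier0-Operators": ["bob", "Legacy-Admins"],
    "Legacy-Admins": ["carol", "Tier0-Operators"],  # circular nesting
    "Helpdesk-Leads": ["dave"],
}
PRIVILEGED_GROUPS = ["Domain Admins", "Enterprise Admins", "Administrators"]


def effective_members(group, direct=DIRECT_MEMBERS):
    """Return {account: shortest nesting path} for every non-group member of `group`."""
    paths = {}
    seen = {group}
    queue = deque([(group, [group])])
    while queue:
        current, path = queue.popleft()
        for member in direct.get(current, []):
            if member in direct:        # member is itself a group
                if member not in seen:  # expand each group once; this also breaks cycles
                    seen.add(member)
                    queue.append((member, path + [member]))
            elif member not in paths:   # breadth-first, so the first path found is the shortest
                paths[member] = path
    return paths


def nested_only(group, direct=DIRECT_MEMBERS):
    """Accounts that hold the privilege only via nesting, absent from the direct member list."""
    return sorted(a for a, p in effective_members(group, direct).items() if len(p) > 1)


if __name__ == "__main__":
    for g in PRIVILEGED_GROUPS:
        for account, path in sorted(effective_members(g).items()):
            print(f"{g}: {account} via {' > '.join(path)}")
```

Accounts returned by `nested_only` are the ones a review of the direct member list alone would miss, and the intermediate groups on each path are additional objects whose membership has to be controlled and audited.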

