Securing Server 2003 Domain Controllers

I have a new article up on the Windowsecurity.com Web site that contains some tips on how to make your Windows Server 2003 domain controllers more secure. As home networks become more and more sophisticated, I run into a lot of people who are “doing Windows domains” at home, often hosting their own Web sites and Exchange servers.

DCs present some special security problems, because they contain information that is not only security sensitive (such as user account passwords) but also critical to the operation of your network. It's important to give special attention to protecting them from intrusion or attack. Luckily, Server 2003 comes out of the box with many built-in security features, expanding on the security initiative that Microsoft began in earnest with Windows 2000.

The article addresses just a few of the important issues related to DC security, starting with (often overlooked) physical security measures. It also details how to move the Active Directory database and how to protect password information with the Syskey utility.

To read the full article, see http://www.windowsecurity.com/articles/Securing_Server_2003_Domain_Controllers.html.