Checklist Summary: The Windows Server 2012 / 2012 R2 Member Server Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus as well as Windows security guidance by Microsoft Corporation. This document is. Windows Defender: Microsoft's Windows Server Antimalware application is installed by default in Windows Server 2016 in an effort to detect and neutralize malware threats in real-time with.
![]() -->
Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
The forest owner is responsible for creating a domain design for the forest. Creating a domain design involves examining the replication requirements and the existing capacity of your network infrastructure and then building a domain structure that enables Active Directory Domain Services (AD DS) to function in the most efficient way. Domains are used to partition the directory so that the information in the directory can be distributed and managed efficiently throughout the enterprise. The goal for your domain design is to maximize the efficiency of the Active Directory replication topology while ensuring that replication does not use too much available network bandwidth and does not interfere with the daily operation of your network.
In this section
we've found that using some different lists for different steps helps keep it manageable:
1. Planning - do naming convention,ip address, vlan, location - all that fun stuff here
2. OS - choose from seperate checklists for Windows/Linux/VMware etc. Have things like your logging clients/management setup here, as well as anything else you do to every server of that OS
3. Documentation - write up how-tos for whatever is setup on the server, make sure the previous checklists are actually completed
![]()
One other note: GPOs shouldn't need to be touched for each server, as long as the computer object is in the right security groups and OU, you should be able to leave it alone. You can do RDP security, disabling guest and windows updates through GPO as well - the fewer manual steps the better!
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |