Announcement

Collapse
No announcement yet.

Baseline Security Configuration for Envionments Where Users are Local Administrators

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Baseline Security Configuration for Envionments Where Users are Local Administrators

    Greetings,

    I'm joining computers that have never been managed with a domain to a new domain. After some discussion with the different parties involved, it seems that for the time being we will have to allow domain users to log in as local administrators (this is, unfortunately, a non-negotiable point).

    My question is, does anybody know of any websites, white papers, etc. that make general recommendations as to how to harden client security using domain policy (and perhaps other techniques) in environments where users are logging in as local administrators? (NOTE: domain controller is Windows 2k3 R2, there are 2000, XP, and Vista clients). I know that this is a difficult question to address without knowing anything about my environment, but lets just say that the users are not doing anything fancy with regards to their day-to-day work (e.g. opening and editing Microsoft Office documents, accessing files on a file share, etc.).

  • #2
    Re: Baseline Security Configuration for Envionments Where Users are Local Administrat

    This is worth reviewing.

    http://technet.microsoft.com/en-us/l.../dd162275.aspx

    Comment


    • #3
      Re: Baseline Security Configuration for Envionments Where Users are Local Administrat

      Virtual, thank you for your suggestion, it looks very promising.

      For anybody else that may be looking for documentation, I am also reviewing security benchmark documents by CIS and NSA:

      http://www.cisecurity.org/bench_windows.html
      http://www.nsa.gov/ia/guidance/secur..._systems.shtml

      Comment


      • #4
        Re: Baseline Security Configuration for Envionments Where Users are Local Administrat

        Looks interesting. Thanks for the post back.

        Another good standard to adhere to is this.

        https://www.pcisecuritystandards.org/

        Comment

        Working...
        X