Locking down a native AD environment

Discussion in 'Server Security' started by Mike Herchel, Jun 18, 2004.

  1. Mike Herchel

    Mike Herchel Guest

    Hi,

    After running a port/vulnerability scan using LANguard Network
    Scanner, I found that LM Hash is enabled on all of the computers in my
    domain. According to Microsoft, "the LM hash is relatively weak compared to
    the NT hash, and it is therefore prone to fast brute force attack." So, I
    disabled this via Group Policy by following the directions in
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;q299656& (we don't
    have any legacy clients that this will affect).



    I'm currently reading "Best Practice Guide for Securing Active
    Directory Installations and Day-to-Day Operations" from
    http://www.microsoft.com/downloads/...FamilyID=F937A913-F26E-49B5-A21E-20BA5930238D,
    but my question is:



    Is there anything else that obviously should be disabled or
    locked down in a secure native AD environment?



    Thanks,
     
    Mike Herchel, Jun 18, 2004
    #1

  2. Try this site, it provides guidelines to secure each of Microsoft's
    products.
     
    Andrew Sword [MVP], Jun 26, 2004
    #2
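
One way to confirm that the LM hash setting from the first post (KB 299656) actually reached every machine, as an added example that is not part of the original thread. It assumes PowerShell remoting (WinRM) is enabled on the targets; the function name and the host names in the comment are hypothetical.

```powershell
# Added example: audit the NoLMHash value that the KB 299656 policy sets.
# Assumption: PowerShell remoting (WinRM) is enabled on remote targets.
# With no arguments the function checks only the local machine.
function Get-NoLMHashStatus {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    begin {
        # Runs on each target: read the NoLMHash DWORD under the Lsa key.
        $probe = {
            $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
            $p = Get-ItemProperty -Path $key -Name 'NoLMHash' -ErrorAction SilentlyContinue
            if ($null -eq $p) { $null } else { [int]$p.NoLMHash }
        }
    }
    process {
        foreach ($name in $ComputerName) {
            $value  = $null
            $status = 'Unknown'
            try {
                if ($name -eq $env:COMPUTERNAME) {
                    $value = & $probe
                } else {
                    $value = Invoke-Command -ComputerName $name -ScriptBlock $probe -ErrorAction Stop
                }
                # 1 means the policy is applied; a missing value or 0 is
                # reported as not enforced so it gets followed up.
                $status = if ($value -eq 1) { 'Enforced' } else { 'NotEnforced' }
            } catch {
                $status = "Unreachable: $($_.Exception.Message)"
            }
            [pscustomobject]@{
                ComputerName = $name
                NoLMHash     = $value
                Status       = $status
            }
        }
    }
}

# Constructed host names; replace with your own inventory:
# 'DC01', 'FILE01' | Get-NoLMHashStatus | Where-Object Status -ne 'Enforced'
Get-NoLMHashStatus
```

The setting only stops new LM hashes from being stored; a hash already saved for an account stays until that account's password is next changed.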