Educause Security Discussion mailing list archives

Re: Windows Domain Controllers: Risks involved


From: Chris Green <cmgreen () UAB EDU>
Date: Fri, 13 Mar 2009 13:33:25 -0500

Let me recommend the win-hied mailing list for this thread.
http://www.windows-hied.org/2.html

http://windows-hied.org/wiki/index.php5?title=Campus_Windows/AD_project_or_team_sites
also gives you more links.

Aside from the Domain Admin confidentiality issues (which theoretically
can be an auditable event), there are the FERPA issues (how do you
respect privacy flags), how do you structure delegated administration
(OU/Group Policy design), how do you plan for DR, how do you secure domain
admin (include 2-factor in your rollout if you can), when domain admin is
used.

For that specific question, UAB did a single uabPeople bucket and has a
lot of groups that indicate primary and secondary affiliations
(student/faculty/staff/school/department).

-----Original Message-----

When creating an Active Directory domain I am curious if you create a
single domain for both Students and Fac\Staff or if you create a Tree
like structure with a parent domain and the two child domains or
something totally different like separate non-linked domains.

