Educause Security Discussion mailing list archives
Re: Windows Domain Controllers: Risks involved
From: Chris Green <cmgreen () UAB EDU>
Date: Fri, 13 Mar 2009 13:33:25 -0500
Let me recommend the win-hied mailing list for this thread. http://www.windows-hied.org/2.html http://windows-hied.org/wiki/index.php5?title=Campus_Windows/AD_project_ or_team_sites also gives you more links. Aside from the Domain Admin Confidentiality issues (which theoretically can be an auditable event), there are the FERPA issues (how do you respect privacy flags), how do you structure delegated administration (OU/Group Policy Design), How you plan for DR, how do you secure domain admin (include 2factor in your rollout if you can), when domain admin is used. For that specific question, UAB did a single uabPeople bucket and has a lot of groups that indicate primary and secondary affiliations (student/faculty/staff/school/department).
-----Original Message----- When creating an Active Directory domain I am curious if you create a single domain for both Students and Fac\Staff or if you create a Tree like structure with a parent domain and the two child domains or something totally different like separate non-linked domains.
Current thread:
- Windows Domain Controllers: Risks involved Marmina Abdel Malek (Mar 13)
- <Possible follow-ups>
- Re: Windows Domain Controllers: Risks involved Tupker, Mike (Mar 13)
- Re: Windows Domain Controllers: Risks involved F.M. Taylor (Mar 13)
- Re: Windows Domain Controllers: Risks involved John Kaftan (Mar 13)
- Re: Windows Domain Controllers: Risks involved Patrick P Murphy (Mar 13)
- Re: Windows Domain Controllers: Risks involved Miller, Don C. (Mar 13)
- Re: Windows Domain Controllers: Risks involved Miller, Don C. (Mar 13)
- Re: Windows Domain Controllers: Risks involved Chris Green (Mar 13)
- Re: Windows Domain Controllers: Risks involved Anand S Malwade (Mar 13)
- Re: Windows Domain Controllers: Risks involved Brian Desmond (Mar 13)
- Re: Windows Domain Controllers: Risks involved Brian Desmond (Mar 13)
- Re: Windows Domain Controllers: Risks involved Jason Testart (Mar 13)
- Re: Windows Domain Controllers: Risks involved Brian Desmond (Mar 13)
- Re: Windows Domain Controllers: Risks involved Marmina Abdel Malek (Mar 13)
- Re: Windows Domain Controllers: Risks involved Brian Desmond (Mar 13)
- Re: Windows Domain Controllers: Risks involved Ryan S. Johnston (Mar 16)
- Re: Windows Domain Controllers: Risks involved David Gillett (Mar 17)