Newbie question about security tiering model with AD

Aliza Amalice 0 Reputation points
2023-10-23T19:39:54.4933333+00:00

Hi,

Microsoft recommand tiering model to manage different layer of security. Six question about this model :

  1. My current AD account is CONTOSO\a.amalice, it's probably the account I need to keep to use as private session. Do you have a name pattern proposition to use (or what do you use) for other tier ?
  2. Manage OU, computer or user need to be with the tier 0 or tier 1 account ? Some documentation let tier 0 only for AD core operations.
  3. Where I can the list of rights/privileges to let to each account ?
  4. When I want to install on an application on a workstation. Do I need to use the tier 2 account or the local admin account (with the password stored on the AD with LAPS).
  5. Where I can find the list of TCP/UDP ports to allow/deny on each tier ?
  6. Last question, I have a forest with 6 domain. I need to create 7 x 3 accounts ? I dont see other solution.

Aliza

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,287 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,996 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,746 questions
0 comments No comments
{count} votes