Newbie question about security tiering model with AD

Aliza Amalice
2023-10-23T19:39:54.4933333+00:00

Hi,

Microsoft recommends a tiering model to manage different layers of security. Six questions about this model:

  1. My current AD account is CONTOSO\a.amalice; it's probably the account I need to keep to use as a private session. Do you have a name pattern proposition to use (or what do you use) for the other tiers?
  2. Does managing OUs, computers or users need to be done with the tier 0 or tier 1 account? Some documentation leaves tier 0 only for AD core operations.
  3. Where can I find the list of rights/privileges to give to each account?
  4. When I want to install an application on a workstation, do I need to use the tier 2 account or the local admin account (with the password stored in AD with LAPS)?
  5. Where can I find the list of TCP/UDP ports to allow/deny on each tier?
  6. Last question: I have a forest with 6 domains. Do I need to create 7 x 3 accounts? I don't see another solution.

Aliza
