Chapter 3: Deploying Secure Domain Controllers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

The Active Directory executables and database are stored on the domain controllers in your Active Directory infrastructure. The domain controllers are the servers in your network infrastructure that you must secure to protect Active Directory. If the security of any domain controller in your Active Directory infrastructure is compromised, the security of the entire infrastructure is at risk.

An essential part of deploying your domain controllers is ensuring that they are deployed securely. If you are in the process of deploying your domain controllers, the steps in this section include recommendations for deploying them in a manner that enhances their security. If you have already deployed your domain controllers, consider whether to reconfigure them to reflect the security recommendations in this section.

To deploy secure domain controllers:

  1. Secure the domain controller build environment.

  2. Establish secure domain controller build practices.

  3. Maintain physical security.