Keep a backup copy of your event logs in case something happens to your SEIM.
Starting to harden the environment
The first thing we will tackle are the issues raised by the Microsoft Best Practice Analyser. A lot of these issues are more generic to Windows devices so what we will do is create a new “Default Domain Policy” which…
Active Directory – Back It Up!
Before we get too far in to configuring Active Directory, we should sort out the backups so that we can restore the environment in the event of corruption, compromise or even our own mis-configuration. You have a choice of backup…
Alerting – Operations Management Suite
So far, we have the domain & forest set up. I’ve already configured an OMS workspace, and added the VMs to it. We’ve cranked up the auditing via GPO after setting all the time correctly, now lets get some alerts…
DNS – Block malware sites
When we set up our domain controllers, we installed the DNS role. DNS is key to how Active Directory works. It is possible to move DNS on to dedicated servers, however it’s common place to leave DNS on the Domain…
Auditing – and a little housework
First of all, I would like to point you at my GitHub repository. The GPOs I create as part of this blog will be backed up and uploaded to the following repository: https://github.com/1800Zeta/ActiveDirectory Feel free to download from here and…
Our first GPO – Time Sync
In Active Directory, time is extremely important. Active Directory is a multi-master system with each writable domain controller able to make changes to the directory. There are however 5 Operations Master roles that are responsible for performing tasks that are not…
Group Policy – Central Store
Deploying Group Policy Central Store for a consistent editing experience.
The Beginning – Create a Forest and Domain
Your first choice will be how you want to provision your domain controllers. Your choices include purchasing physical servers, using a hypervisor such as VMware ESXi or Microsoft Hyper-V, or going cloud and using Azure or AWS. As discussed in…
Introduction and First Post
So, I’ve populated the about page. I’ve added a page with high level design notes. Whilst applying the security and solutions to a new directory is relatively simple as you don’t have legacy systems to support, there shouldn’t be any…