Starting to harden the environment

The first thing we will tackle are the issues raised by the Microsoft Best Practice Analyser. A lot of these issues are more generic to Windows devices so what we will do is create a new “Default Domain Policy” which will apply throughout. Start by opening the Group Policy Management Console, on the left navigate […]

Active Directory – Back It Up!

Before we get too far in to configuring Active Directory, we should sort out the backups so that we can restore the environment in the event of corruption, compromise or even our own mis-configuration. You have a choice of backup software so I will not go through how to configure this. It’s important that you […]

Alerting – Operations Management Suite

So far, we have the domain & forest set up. I’ve already configured an OMS workspace, and added the VMs to it. We’ve cranked up the auditing via GPO after setting all the time correctly, now lets get some alerts going on to let us know something nasty might be going on. To access (and […]

DNS – Block malware sites

When we set up our domain controllers, we installed the DNS role. DNS is key to how Active Directory works. It is possible to move DNS on to dedicated servers, however it’s common place to leave DNS on the Domain Controllers. Client machines will all have to use DNS servers that relate to the domain […]

Our first GPO – Time Sync

In Active Directory, time is extremely important. Active Directory is a multi-master system with each writable domain controller able to make changes to the directory. There are however 5 Operations Master roles that are responsible for performing tasks that are not suitable for multiple masters. In this post we are going to focus on the PDC […]