Deploy AGPM using Group Managed Service Account and Least Privileged model.
Before we get too deep in to configuring our nice domain service, we will enable a useful feature. The Recycle Bin. This allows us to quickly and easily restore an object we accidentally delete. Enabling the recycle bin just requires a forest functional of 2008 R2 or higher. We provisioned full 2016 so lets enable […]
Using GPO to disable SMB1 and NetBIOS.
Keep a backup copy of your event logs in case something happens to your SEIM.
The first thing we will tackle are the issues raised by the Microsoft Best Practice Analyser. A lot of these issues are more generic to Windows devices so what we will do is create a new “Default Domain Policy” which will apply throughout. Start by opening the Group Policy Management Console, on the left navigate […]
Before we get too far in to configuring Active Directory, we should sort out the backups so that we can restore the environment in the event of corruption, compromise or even our own mis-configuration. You have a choice of backup software so I will not go through how to configure this. It’s important that you […]
So far, we have the domain & forest set up. I’ve already configured an OMS workspace, and added the VMs to it. We’ve cranked up the auditing via GPO after setting all the time correctly, now lets get some alerts going on to let us know something nasty might be going on. To access (and […]