The Administrator Accounts Security Planning Guide
Chapter 4 - Summary
Because of their inherent permissions and power, the administrative accounts on computers are both the most useful and the most dangerous accounts that exist on them. Organizations must be especially vigilant when they secure domain-level administrator accounts because an intruder who is able to compromise a domain administrator’s account can gain extensive access to every computer in your domains and forests. Microsoft has established steps to secure domain administrator accounts on its corporate network and urges other organizations to do the same. You should use the best practices that this guide describes as you manage your network and adhere to its principles to reduce the risk of unauthorized users who can gain administrative access to your sensitive network assets and Active Directory® directory service data. Making administrator accounts as secure as possible is an important initiative for organizations that want to secure their network assets. On This Page
Next StepsIf an organization has not yet deployed a program for the security of administrator accounts, this planning guide provides a foundation for them to plan such a program. The main steps that organizations should take when they plan to secure administrator accounts are:
Further ReadingThe integrity of a program to secure administrator-level accounts is dependent on its long-term maintenance. For more information about operational best practices, see the Microsoft® Operations Framework (MOF) Web site at www.microsoft.com/technet/itsolutions/cits/mo/mof/default.mspx. This guide for making administrator accounts more secure is essentially a compilation of Microsoft best practices. For additional best practice considerations to secure your Active Directory infrastructure, see the following resources:
|
In This Article
|
