The Domain Controller Settings provide additional security for Domain Controller systems and protect Active Directory (AD) data from undesired information disclosure and tampering. By default, the 6.0 policy enforces least privilege access to the Domain Controller resources. The intent is that this protection "should just work" without requiring additional special knowledge or pre-configuration by the SDCS:SA administrator. Processes that need read or write access are granted it, and all others are denied any access.
The data files that require protection include:
Active Directory (AD) Database files (most notably the AD database ntds.dit, but also related .edb files, and the Active Directory Certificate Services CA database)
(Note for implementation: may require a new translator function to discover the location of these files)
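The file locations are not fixed, which is why the note above mentions discovery. The following is an added example, not part of the product or of this article: it reads the registry values where Windows records the AD DS and AD CS database paths and lists the identities currently allowed on each file, so the existing ACLs can be reviewed against the least privilege intent. The function name Get-DcProtectedFile is hypothetical, and nothing here reflects how SDCS:SA itself locates the files.

```powershell
# Added example: resolve the AD DS / AD CS database locations from the registry
# and show which identities hold Allow ACEs on each database file.
# Read-only; run in an elevated session on the domain controller.

function Get-DcProtectedFile {
    # Registry values where NTDS and Certificate Services record their paths.
    $sources = @(
        @{ Key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
           Values = 'DSA Database file', 'DSA Working Directory', 'Database log files path' },
        @{ Key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
           Values = 'DBDirectory', 'DBLogDirectory' }
    )
    foreach ($s in $sources) {
        # The key is absent when the role is not installed on this host.
        $props = Get-ItemProperty -Path $s.Key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in $s.Values) {
            $path = $props.$name
            if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
            if (Test-Path -LiteralPath $path -PathType Container) {
                # Directory value: pick out the database files the article names.
                Get-ChildItem -LiteralPath $path -File -ErrorAction SilentlyContinue |
                    Where-Object { $_.Extension -in '.dit', '.edb' } |
                    ForEach-Object { $_.FullName }
            } else {
                # File value (for example the full path to ntds.dit).
                $path
            }
        }
    }
}

# One row per Allow ACE, so unexpected principals stand out in review.
Get-DcProtectedFile | Sort-Object -Unique | ForEach-Object {
    $file = $_
    (Get-Acl -LiteralPath $file).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object @{ Name = 'File'; Expression = { $file } },
                      IdentityReference, FileSystemRights, IsInherited
}
```

File system ACLs are keyed on user and group identities, so this output shows only who may open the files, not which processes may.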
The Registry Keys that require protection include the service parameter settings for:
Imported Document ID: HOWTO95354