Nobody is really to blame: AD itself is designed to give you a lot of flexibility and won't complain if you don't follow best practices because you may have specific organizational needs that prevent you from doing so. However, over time-as objects are added, removed, updated, and moved around-AD often becomes somewhat less than secure. ![]() Initially, most organizations take the time to plan AD deployments and come up with a reasonably secure initial configuration. (Win2K also uses secure LDAP by default once you install SP3 or later.) Unfortunately, AD is literally what you make of it, meaning it comes out of the box almost entirely useless until you create users, computers, organizational units (OUs), Group Policy objects (GPOs), and so forth. AD comes out of the box in a pretty secure state, particularly in WS2K3, which uses secure Lightweight Directory Access Protocol (LDAP) by default and uses a fairly locked-down set of default permissions and configuration settings.
0 Comments
Leave a Reply. |