Appendices
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012
Appendices are included in this document to augment the information contained in the body of the document. The list of appendices and a brief description of each in included the following table.
Appendix |
Description |
Contains a list of companies that produce patch and vulnerability management software. |
|
Appendix B: Privileged Accounts and Groups in Active Directory |
Provides background information that helps you to identify the users and groups you should focus on securing because they can be leveraged by attackers to compromise and even destroy your Active Directory installation. |
Appendix C: Protected Accounts and Groups in Active Directory |
Contains information about protected groups in Active Directory. It also contains information for limited customization (removal) of groups that are considered protected groups and are affected by AdminSDHolder and SDProp. |
Appendix D: Securing Built-In Administrator Accounts in Active Directory |
Contains guidelines to help secure the Administrator account in each domain in the forest. |
Appendix E: Securing Enterprise Admins Groups in Active Directory |
Contains guidelines to help secure the Enterprise Admins group in the forest. |
Appendix F: Securing Domain Admins Groups in Active Directory |
Contains guidelines to help secure the Domain Admins group in each domain in the forest. |
Appendix G: Securing Administrators Groups in Active Directory |
Contains guidelines to help secure the Built-in Administrators group in each domain in the forest. |
Appendix H: Securing Local Administrator Accounts and Groups |
Contains guidelines to help secure local Administrator accounts and Administrators groups on domain-joined servers and workstations. |
Appendix I: Creating Management Accounts for Protected Accounts and Groups in Active Directory |
Provides information to create accounts that have limited privileges and can be stringently controlled, but can be used to populate privileged groups in Active Directory when temporary elevation is required. |
Contains a list of third-party RBAC vendors and the RBAC solutions they offer. |
|
Contains a list of third-party PIM vendors and the PIM solutions they offer. |
|
Lists events for which you should monitor in your environment. |
|
Contains a list of recommended reading. Also contains a list of links to external documents and their URLs so that readers of hard copies of this document can access this information. |