Did you make your personal New Year’s resolution? How about your professional one? With 2018 now here, I suggest that all Windows administrators make a resolution to increase the security of their Active Directory, Windows Servers, and Windows workstations. This is the first step in making your overall network more secure and helping reduce the attack surface of all your devices.
Here are some ideas for implementing this New Year’s resolution:
- Ensure all privileged groups in Active Directory have the correct members.
- Remove all user accounts that have never logged in.
- Secure your service accounts.
- Deny NTLM and LM authentication protocols.
- Ensure all new user accounts have random passwords.
- Provide a self-service password portal for users.
- Implement a real-time change monitoring system for AD changes.
- Implement multi-factor authentication.
This list will get you started! In order to assist you with some of these tasks, be sure to use our Security Hardening Website, which is a guide to completing many of these tasks. If you have any questions along your journey in 2018 to becoming more secure, be sure to send me an email at firstname.lastname@example.org.