1) Obtain a hierarchical representation of the Active Directory structure, beginning with the forest(s). 2) Determine if the forest structure provides for a separation between service administrators (responsible for Active Directory design and highest level of administration) and data administrators (responsible for user credentials, access rights, etc.). 3) Obtain a list of all forest owners and determine that all forest owners are trusted and that appropriate background verification has been completed for each owner. 4) Determine that service administrators responsible for intranet and extranet forests have separate, isolated user IDs for each internal and external forest. 5) Determine that users from other forests are not members of the groups that: • Are responsible for service management or manage membership of service administrator groups. • They have administrative control over computers that store protected data.
Login to your subscription to download the complete template
You need to login to add your comment
0 Comments