Day: December 25, 2011

The documentation for the Dcgpofix.exe tool incorrectly indicates that the Dcgpofix tool will restore security settings in the Default Domain Controller Policy to the same state that they were in immediately after Dcpromo successfully completed. This is not the case. It is best to use the Dcgpofix tool only in disaster recovery scenarios. The Dcpromo operation modifies the security of the domain in an incremental manner, based on the existing security settings on that server. Therefore, after you run Dcpromo, the final set of security settings in the Default Domain Controller Policy depends on both the Dcpromo operation and the […]

Step 1: Restore AD LDS Instance Data Applies To: Windows Server 2008 You should back up Active Directory Lightweight Directory Services (AD LDS) data and log files regularly to ensure the continued availability of data to applications and users in the event of a system failure. By default, each instance of AD LDS running on an AD LDS server stores its database file, Adamntds.dit, and the associated log files in %program files%Microsoft ADAMinstance_namedata, where instance_name is the AD LDS instance name. Include these files as part of the regular backup plan of your organization. You back up data for an […]

On This Page Introduction Definition Challenges Solutions Summary Appendix A: Common Services Introduction The first step towards securing a midsize business network is to understand what vulnerabilities an attacker is likely to exploit. The primary task of an attacker who has infiltrated a network is to initiate escalation of privileges, which is how an attacker attempts to gain more access from the established foothold that they have created. After an escalation of privileges has occurred, there is little left to stop an intruder from whatever intent that attacker has. Attackers can use many different mechanisms to achieve an escalation of […]