Archive for October, 2004

IT-Forum, Clarification of my last blog and update

Wednesday, October 27th, 2004

Update It’s a busy and very intersting time. This year has been a blast! I was pretty busy in the last couple weeks: Finished a migration project from NT to Windows Server 2003 at a insurance here, did a lot of classes recently (XP, WS2k3, included my talks about AD, DNS, XP SP2 Security Features, […]

What to do if a Branch Office DC is not physically secured?

Sunday, October 24th, 2004

Today there was a pretty interesting issue in the Windows Server Newsgroups: “What to do if a Branch Office DC is not physically secured?” OK – the first thing ever should be not to put a DC anywhere where it’s not physically secured from theft. But lets look what happens if someone gets your DC […]

Short story on roles needed in an enterprise

Saturday, October 2nd, 2004

Posting the last weblog reminded me on a situation which I like to share: I was at a customer and we were in a workshop defining the roles in Active Directory needed for that enterprise. When we started there were a lot of people/departments which thought it’s necessary to be either domain admins or account operators. […]

Got a promise on a X-Mas present

Saturday, October 2nd, 2004

I’m one of the guys who prefers a AD-Implementation with the lowest rights possible – e.g. do not use build in groups if not necessary (the least one necessary in my eyes is Account Operators – usually you design OUs which are supposed to contain users, groups or computers, however AOs would be able to […]