best practices still apply...
new important feature in w2k8:http://blogs.dirteam.com/blogs/jorge/archive/2008/02/21/delegated-per...
in both w2k3 and w2k8 and higher and not that well known:http://blogs.dirteam.com/blogs/jorge/archive/2008/05/20/denying-the-c...
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)-->http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)-->http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
- Show quoted text -
Sanjay Tandon said:Hi AJ,
Unfortunately, there are no noteworthy improvements in this area in
Windows
Server 2008. We did recieve numerous requests for improving specific
aspects
of delegation, but due to time and resources constraints many of these had
to
be postponed.
I do hope that you guys did find the simple tools like dsrevoke and the
delegation paper useful, which we worked hard to deliver at our earliest
convenience.
Some of us have personally made contributions to make improvements in this
area. For starters, in order to help IT admins better understand the many
aspects of delegation, I commissioned the development of a website to
provide
comprehensive information on this subject to the community - <a
href="http://www.activedirsec.com">http://www.activedirsec.com</a>.
In addition, at Paramount Defenses Inc, we have developed and delivered
the
world's only accurate delegated access asessment, verification and
reporting
solution for Active Directory, called the <a
href="http:/www.paramountdefenses.com/goldfinger.php">Gold Finger</a>.
With <a href="http://www.activedirsec.com">http://www.activedirsec.com</a>
and <a href="http:/www.paramountdefenses.com/goldfinger.php">Gold
Finger</a>,
we hope to help organizations efficiently and effectively assess, lockdown
and maintain secure Active Directory delegations, which are fundamental to
organizational security.
This is a very important and sensitive subject from a security
perspective,
and we hope wish organizations well in their efforts to run a secure
Active
Directory infrastructure based on the principle of least privilege.
Best wishes,
<a href="http://www.sanjaytandon.com">Sanjay Tandon</a>
Formerly Microsoft Program Manager for Active Directory Security,
(Author of Microsoft's official whitepaper on Delegation in Active
Directory)
__________ Information from ESET Smart Security, version of virus
signature database 4148 (20090611) __________
The message was checked by ESET Smart Security.
http://www.eset.com
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.