In speaking with a lot of my customers, the topic of "How can I better secure my Active Directory environment?" always seems to come up. There are several ways to answer this question, but today I want to focus on the one that seems to be overlooked most often: privileged user accounts.
I've always compared privileged users to teenagers. Can you really trust that they're using the best judgement? Would you feel more comfortable if you could check up on them regularly? There's a reason why wireless cameras and tracking systems are such hot sellers. The majority of data breaches originate from an internal source, so securing these sources is the key to keeping your environment safe. In this 4 part series, I'm going to show you how Quest Software can calm your anxiety and greatly reduce your use of antacids.
Step 1: Identify what users have elevated rights in Active Directory.
If you were asked to provide a report detailing what users had what rights to what objects in Active Directory, could you provide it? If so, how long would it take you to provide this information? These are not always just your users in your Domain Admins group. These could be users that have been granted rights directly through ADUC or they could be a member of a group with rights assigned. With Quest's Enterprise Reporter, you easily locate accounts that have been granted privileged rights in AD and know exactly where they've been applied. Since a user's role can change frequently over their tenure with your company, it's not uncommon to find users with rights that they no longer need. You can even have these reports emailed to you on a regular basis to ensure you always know what’s going on with AD.