For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Understanding "Red Forest" — The 3-Tier ESAE and Alternative Ways to Protect Privileged Credentials

On Demand
  • Recorded Date:Jan. 12, 2017
  • Event:On Demand

Microsoft has responded to the repeated success of attackers pursuing horizontal kill chains via pass-the-hash and related attacks with a reference architecture and other best practices that seek to isolate privileged credentials. The term “red forest” has been coined as an informal name for a special administrative forest Microsoft recommends for holding the accounts that have privileged access to your production forest and require additional security.

A key feature of this guidance is a three-tier enhanced security admin environment (ESAE) in which admin accounts are divided into three levels of security:

  • Tier 0 — Basically enterprise admins with forest-level admin authority
  • Tier 1 — Server, application and cloud admin authority
  • Tier 3 — Administrative control of workstation and device

In this webcast, security expert Randy Franklin Smith will explain the reasons why you might go to this extra trouble — as well as the limitations of this structure. Lastly, Randy will explore why third-party tools, like those Quest offers, may offer the most coverage in this three-tier security structure.


Security expert Randy Franklin Smith