- How to add an Active Directory implementation information to the organization contingency plan for an Active Directory Domain
- How to backup Active Directory data for an Active Directory Domain
- How to ban delegation of privileged accounts for an Active Directory Domain.
- How to block Domain Controllers from Internet access for an Active Directory Domain
- How to change NT hash for privileged and unprivileged accounts that require smart cards for an Active Directory Domain.
- How to change the password for the Directory Service Restore Mode (DSRM) password for an Active Directory Domain
- How to comply a Read-only Domain Controller (RODC) architecture with directory services requirements for an Active Directory Domain
- How to configure a controlled interface for interconnections among information systems operating between systems or networks for an Active Directory Domain.
- How to configure Security Identifiers (SIDs) for an Active Directory domain to use only authentication data of directly trusted external or forest trust
- How to consider and document the impact of INFOCON changes on cross-directory authentication configuration for an Active Directory Domain
- How to document each cross-directory authentication configuration for an Active Directory Domain
- How to enable and configure inter-site replication to occur at least daily for an Active Directory Domain
- How to enable Selective Authentication on outgoing forest trusts for an Active Directory Domain
- How to ensure administrators have separate accounts for managing domain member servers for an Active Directory Domain
- How to ensure administrators have separate accounts for managing domain workstations for an Active Directory Domain.
- How to ensure an approved cross-domain solution is used for interconnections for directory services of different classification for an Active Directory Domain
- How to ensure Anonymous Logon and Everyone groups are not members of the Pre-Windows 2000 Compatible Access group for an Active Directory Domain
- How to ensure domain-joined systems (excluding domain controllers) are not configured for unconstrained delegation for an Active Directory Domain.
- How to ensure the domain functional level is a Windows Server version still supported by Microsoft for an Active Directory Domain.
- How to inspect network traffic if a VPN is used in the AD implementation for an Active Directory Domain
- How to limit membership in the Group Policy Creator Owners and Incoming Forest Trust Builders groups for an Active Directory Domain
- How to monitor administrative accounts for suspicious and anomalous activity for an Active Directory Domain
- How to monitor systems for remote desktop logons for an Active Directory Domain.
- How to protect a compromised Windows service application account with administrative privileges for an Active Directory Domain
- How to protect user accounts with domain level administrative privileges by adding them to the Protected Users group in Active Directory.
- How to remove accounts from outside directories or are not subject to the same security policies for an Active Directory Domain
- How to remove user accounts with delegated authority from Windows built-in administrative groups or remove the delegated authority from the accounts for an Active Directory Domain
- How to restrict access to need-to-know information to an authorized community of interest for an Active Directory Domain
- How to restrict membership to the Domain Admins group to accounts used only to manage the Active Directory domain and domain controllers.
- How to restrict membership to the Enterprise Admins group to accounts used only to manage the Active Directory Forest, for an Active Directory Domain.
