Baseline policies
When talking about baseline policies, we need to consider two sets of polices. One is for Active Directory itself, and the second one is for Domain Controllers. Domain Controllers (DCs) are the backbone of Active Directory. When you install and configure Active Directory Domain Services on a Windows server, it will become a Domain Controller in an Active Directory Forest or Domain. Since they are the foundation of Active Directory, security hardening should start from this level.
We are again going to use and rely on Microsoft Security Compliance Manager (SCM) to generate the recommended policy for Domain Controllers. As stated in the previous chapters, these policies can be reviewed and modified based on your business and technical requirements before applying them in your organization. For Active Directory, there are two baseline polices available in Microsoft SCM: Domain Controller Security and Domain Security.
Note
Windows Server 2012 Active Directory installation,...
