RE: DOMAIN CONTROLLER STOLEN...WHAT NEXT?

From: Tom Burns (tburns_at_TorcaUSA.com)
Date: 06/29/05

    Date: Wed, 29 Jun 2005 12:08:59 -0400
    To: "BoB Taylor" <bob8600bob@hotmail.com>, <forensics@securityfocus.com>, <focus-ms@securityfocus.com>, <security-basics@securityfocus.com>
    
    

    1. Start a password change for all users.
    2. Change all system-level passwords.
    3. Remove the DC from your domain.

    -----Original Message-----
    From: BoB Taylor [mailto:bob8600bob@hotmail.com]
    Sent: Tuesday, June 28, 2005 9:19 PM
    To: forensics@securityfocus.com; focus-ms@securityfocus.com;
    security-basics@securityfocus.com
    Subject: DOMAIN CONTROLLER STOLEN...WHAT NEXT?

    Recently we had a domain controller stolen from a field office. We have
    taken some steps to reduce our risk. I have researched some books and
    some of the security sites for a checklist or a set of recommended
    minimum steps that should be taken to ensure we are not at risk. Can
    anyone point me in the right direction or make some recommendations?

    Thanks, Bob
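
Added example, not part of either message: one way to track progress on steps 1 and 2 of the reply above by flagging accounts whose password has not been changed since the theft. It assumes a CSV export of `sAMAccountName` and the AD `pwdLastSet` attribute (a Windows FILETIME); the cutoff date, account names and values are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(moment: datetime) -> int:
    delta = moment - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def audit_password_resets(export_csv: str, cutoff: datetime) -> dict:
    """Sort exported accounts into done / pending / stale relative to cutoff."""
    result = {"done": [], "pending": [], "stale": []}
    for row in csv.DictReader(io.StringIO(export_csv)):
        name = row["sAMAccountName"].strip()
        ticks = int(row["pwdLastSet"])
        if ticks == 0:
            # 0 means a change is forced at next logon but has not happened yet.
            result["pending"].append(name)
        elif filetime_to_datetime(ticks) >= cutoff:
            result["done"].append(name)
        else:
            # Password predates the cutoff, so the stolen copy still matches it.
            result["stale"].append(name)
    return result


# Constructed sample: cutoff date and accounts are illustrative only.
CUTOFF = datetime(2005, 6, 27, tzinfo=timezone.utc)
SAMPLE_EXPORT = "sAMAccountName,pwdLastSet\n" + "\n".join(
    f"{name},{ticks}" for name, ticks in [
        ("alice", datetime_to_filetime(CUTOFF + timedelta(days=2))),
        ("bob", 0),
        ("svc_backup", datetime_to_filetime(CUTOFF - timedelta(days=400))),
        ("Administrator", datetime_to_filetime(CUTOFF - timedelta(days=30))),
    ]
)

if __name__ == "__main__":
    for status, names in audit_password_resets(SAMPLE_EXPORT, CUTOFF).items():
        print(f"{status:8} {', '.join(names)}")
```

Accounts listed as pending or stale are the ones still to be worked through before the password change can be considered complete.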
