Controlling server security -- to domain or not to domain?

From: sP (littlechild_zu_at_yahoo.com)
Date: 12/09/03


Date: Tue, 9 Dec 2003 09:02:40 -0800

I'm looking for a best practice.

I have about 25 windows 2000 servers that I have been told
to secure. They range from domain controllers, file/print,
citrix, sqlservers and domino.

What is the best practice to control group policy settings
on these servers? Should I leave them off the domain and
set them through local GP? Or is it better to add these
servers to the domain and control group policy through
Active Directory.

The "do it the easy way" part of me says to add them to
the domain and control the servers through active
directory. This would allow me to secure and update the
servers much more easily.

However, the "keep it secure as possible" part of me says
to keep servers off the domain that don't need to be. This
would be a bit more work but makes since.

Can anyone give any thoughts on this matter? Is my
thinking wrong?



Relevant Pages

  • Re: IMPACT of (Delegation Control of Group Policy) on Active Direc
    ... GPOs applied on DCs and Servers ... Health of active Directory and DCs since unSYSTEM Engineer is having ... Actually my MAIN CONCERN is that how would delegating control of Group ... Policy to SUPPORT Engineer affect health of active directory?? ...
    (microsoft.public.windows.server.active_directory)
  • Re: dns administration delegation
    ... Allow site_DNSadmin group to FULL control Computer Configuration\Windows ... Executed dnsmgmt.msc and added one of the dns servers. ... additional permissions that grant unnecessary rights. ...
    (microsoft.public.windows.server.dns)
  • Re: dns administration delegation
    ... Allow site_DNSadmin group to FULL control Computer Configuration\Windows ... Executed dnsmgmt.msc and added one of the dns servers. ... additional permissions that grant unnecessary rights. ...
    (microsoft.public.windows.server.dns)
  • Re: IMPACT of (Delegation Control of Group Policy) on Active Directory
    ... directory that could result from delegating control of group policy ... who is only responsible for desktops and laptops (SUPPORT Engineer). ... Exchange, and other print, share and application servers. ... Engineer has delegation of control to create group policies and link them ...
    (microsoft.public.windows.server.active_directory)
  • Re: IMPACT of (Delegation Control of Group Policy) on Active Direc
    ... directory that could result from delegating control of group policy ... who is only responsible for desktops and laptops (SUPPORT Engineer). ... Exchange, and other print, share and application servers. ... Engineer has delegation of control to create group policies and link them ...
    (microsoft.public.windows.server.active_directory)