Hi everyone,
I haven't found a microsoft-ad channe...
# _generald
Daniel Madsen
03/05/2024, 10:03 AMHi everyone,
I haven't found a microsoft-ad channels, hence.
Have any of you ever experienced a successful AD Tiering project, in a full production active directory?
I may be sceptical, but from those couple of times I've experienced or heard of such projects. It has always turned to shit.
w
Webster Webster
03/05/2024, 10:20 AMI have submitted quotes for those types of projects. i.e. tale a production AD and implement tiers, 3-level CA, and MS recommended security groups. The length of time required for such a project is long and the work is complex and fraught with risks. none of the bids were ever accepted
d
Daniel Madsen
03/05/2024, 10:24 AMThanks for the answer doc 🙂
j
Jon Bucud
03/05/2024, 5:29 PMTiered security? We run AD tiered security, I can invite our sec guy to WoEUC.
w
Webster Webster
03/05/2024, 9:49 PMyou run tier0/1/2 servers and tier3 computers where only specific computers can talk to specific servers?
j
Jon Bucud
03/05/2024, 10:11 PMtier 0/1 servers, tier 2 as elevated desktop then daily drivers as the nebulous 3. FWIW, Nathan, our sec guy did a pod recently https://podcasts.apple.com/us/podcast/episode-76-windows-active-directory-hardening/id1623448219?i=1000642764381