ALL >> Writing >> View Article
Options For Managing The Need For Multiple Policies
You can have only one password policy per domain. Many times you need more. Within any organizations there are areas of MCTS Certificationsensitivity that require more security than others. The users who access data in these areas should use stronger passwords than most other users. There are also accounts that hold more privileged access rights: administrator accounts, privileged accounts, and accounts with delegated permissions. These privileged accounts should use stronger passwords too. Your work in discovering the organization's culture and the nature of its business might have brought these needs to your attention. Unfortunately, there is no technical control that will allow you to create separate password policies for individual accounts or groups within a domain or to vary the policy by OU. You cannot, for example, use the password policy to require administrators to use 15-character passwords without requiring everyone in the domain to do so as well. You can choose one of the following two options for managing the need for multiple password policies:
Create multiple domains. ...
... Within each domain, a separate password policy can be created. This should have been considered when the Active Directory structure was being defined. If it has been, create the appropriate policy for each domain.
Extend the password policy beyond its technical controls and require users who should be using a strong password, changing it more frequently, or guarding it more strongly to do so. This option must either be enforced by a third-party product, custom-developed code, or audit. Third-party products might include moving away from the use of passwords as Windows Vista examauthentication credentials.
Consider using correct auditing techniques or ways to review the information.
Q Using correct techniques can counter the negative effects of massive logs. When events are filtered according to their importance, critical events are easily discernible.
Q In addition, while reviewing large amounts of ordinary activity is often fruit-less, examining the trends shown in the collected information can be valuable. If knowledge of what is ordinary exists, the abnormal can trigger further investigation. What, for example, is the meaning of a sudden large increase in revocation? Or in certificate request denial? These trends are not observable via simple viewing of the CA console.
Write a security log review process. Collection of records is an exercise in futility if records are not reviewed.
Before CA-specific auditing events will be recorded, object auditing must be turned on in the Audit Policy portion of Group Policy. Consider where this should be done. The offline root CA will require object auditing to be turned on to capture local information. The other CAs should be placed in a designated OU so that the entire security baseline for CAs can be easily applied. A GPO can be linked to this OU, and the GPO's audit policy can be set to audit object access for success and failure.
See Also Careful consideration of the meaning of events will enable the development of the best audit design for each CA implementation. For more information about designing free CompTIA exam questionsaudits in general, see Chapter 9.
Add Comment
Writing Articles
1. Book Publishing Services: Your Path To Becoming A Published AuthorAuthor: George Harvey
2. Fire Hose Maintenance Tips To Improve Safety And Performance
Author: Loveneet
3. The Chemic Tavern Book: A Complete Guide For New Readers !
Author: Lakeland Mysteries
4. Why Outsourcing Companies Are Essential For Modern Business Success?
Author: kajal
5. How Long Can A Portable Generator Run Without Stopping?
Author: DGA
6. Psykiater – Eksperten I Psykisk Sundhed Og Personlig Trivsel
Author: Psykiater DK
7. When Should You Hire A Mystery Book Publishing Consultant?
Author: Wilton Books LTD
8. The Growing Popularity Of Decorative Text In Social Apps
Author: Bartlett
9. What Is Vijay Talks Ai? A Practical Ai And Digital Marketing Hub For Small Businesses, Creators, And Startups
Author: Vijay Chauhan
10. Interior Planning Before Construction: A Complete Guide To Building A Smarter Home
Author: Living Edge Architects and Designers
11. Will Ai Replace Architects? The Truth In 2026
Author: Living Edge Architects and Designers
12. Jimsphones Vs No Seo Backlink
Author: Jimsphones
13. Why Is Publishing A Book So Challenging For New Authors?
Author: Gayle Lueilwitz
14. Ai Data Sourcing Company In Delhi – Reliable & Scalable Solutions
Author: Crystalhues
15. Red Wine Sauce For Duck: A Rich And Flavorful Classic
Author: Tourtoreview






