Forum Discussion
Sandro Alves
May 26, 2021, Copper Contributor
Windows server security
Hi, our rule for logging onto servers today is always to use a separate account with local administrative privileges. This means that the administrator uses an account for individual use to l...
LouisMastelinck
May 27, 2021, Brass Contributor
Hi Sandro,
If I understand correctly, you are worried that if one of the accounts with local admin is compromised, they are able to compromise other servers with the same account on prem.
Maybe the legacy AD tier model is a first step you could look into:
https://docs.microsoft.com/en-us/security/compass/privileged-access-access-model#evolution-from-the-legacy-ad-tier-model
So depending on which tier of server you are accessing, you have a different account.
For example:
AD server, Exchange server = Tier 0
IIS server = Tier 1
endpoints = Tier 2
A compromise of an account in Tier 2 will not result in the total compromise of Tier 1. This is not overcomplicated stuff with privileged access workstations.
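As an added example (not code from this thread or from Microsoft), here is a small Python checker that applies the tier model from the reply to logon records: every host and every admin account gets a tier, and any successful logon where the account tier and host tier differ is flagged. The host and account tier assignments and the Event 4624-style log lines are constructed sample data, and the key=value line format is an assumption; real events would come from the Security log (for example via Get-WinEvent) and need a different parser.

```python
# Added example: detect cross-tier logons against an AD tier model.
# All inventory and log lines below are constructed sample data.
import re
from typing import Dict, List, Tuple

# Constructed inventory: host -> tier and account -> tier (0 = most privileged)
HOST_TIER: Dict[str, int] = {
    "DC01": 0, "EXCH01": 0,      # AD / Exchange servers = Tier 0
    "IIS01": 1, "IIS02": 1,      # IIS servers = Tier 1
    "WS-ALICE": 2, "WS-BOB": 2,  # endpoints = Tier 2
}
ACCOUNT_TIER: Dict[str, int] = {
    "alice-t0": 0, "alice-t1": 1, "alice-t2": 2,
    "bob-t1": 1, "bob-t2": 2,
}

# Constructed logon records in a simplified Event 4624-style key=value format
SAMPLE_LOG = """\
EventID=4624 Computer=DC01 TargetUserName=alice-t0 LogonType=10
EventID=4624 Computer=IIS01 TargetUserName=alice-t0 LogonType=10
EventID=4624 Computer=IIS01 TargetUserName=bob-t1 LogonType=3
EventID=4624 Computer=DC01 TargetUserName=bob-t2 LogonType=10
EventID=4624 Computer=WS-BOB TargetUserName=bob-t2 LogonType=2
EventID=4625 Computer=DC01 TargetUserName=bob-t2 LogonType=10
"""

LINE_RE = re.compile(r"EventID=(\d+) Computer=(\S+) TargetUserName=(\S+) LogonType=(\d+)")

def check_logons(log: str) -> List[Tuple[str, str, str]]:
    """Return (host, account, reason) for each successful logon that crosses tiers."""
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != "4624":  # only successful logons are of interest
            continue
        _, host, user, _ = m.groups()
        h_tier, a_tier = HOST_TIER.get(host), ACCOUNT_TIER.get(user)
        if h_tier is None or a_tier is None:
            findings.append((host, user, "unclassified host or account"))
        elif a_tier < h_tier:  # privileged credentials exposed on a lower-trust host
            findings.append((host, user, f"tier {a_tier} account on tier {h_tier} host: credential exposure"))
        elif a_tier > h_tier:  # lower-tier account administering a higher-trust host
            findings.append((host, user, f"tier {a_tier} account on tier {h_tier} host: cross-tier access"))
    return findings

if __name__ == "__main__":
    for host, user, reason in check_logons(SAMPLE_LOG):
        print(f"{host:8} {user:10} {reason}")
```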