cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Windows server security

Sandro Alves
Copper Contributor

‎May 26 2021 03:14 PM

‎May 26 2021 03:14 PM

Windows server security

Hi,

 

our rule for logging onto servers today is always to use a separate account with local administrative privileges.

 

This means that the administrator uses an account for individual use to log on to their computers without permission and also another individual account with permission for local administration for servers.

 

The goal is to prevent the administrator from using the same personal login on the server.

However, if this account used for the servers is hacked, you will have access to all other servers.

Is there any good practice to help?

 

For example, use UAC at a maximum level to always ask?

 

Or create a third account, one to log in to the server without permission and another with administrative privilege that will only be used when privilege is requested?

 

Thanks.

330 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Trevor_Rusher (Community Manager)
LouisMastelinck

‎May 27 2021 05:49 AM

‎May 27 2021 05:49 AM

Solution

Re: Windows server security

Hi Sandro,

If understand correct you are worried that if one of the accounts with local admin is compromised, they are able to compromise other servers with the same account on prem.

Maybe the legacy ad Tier model is first step you could look into:
https://docs.microsoft.com/en-us/security/compass/privileged-access-access-model#evolution-from-the-...

So depending on which tier of server you are accessing you have a different account.
For example
for example: AD server, exchange server =tier 0
for example: IIS server = tier 1
for example: endpoints = tier 2
A compromise of an account in Tier 2 will not result in the total compromise of tier 1This not overcomplicated stuff with privileged access workstations.


0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Trevor_Rusher (Community Manager)
LouisMastelinck

‎May 27 2021 05:49 AM

‎May 27 2021 05:49 AM

Solution

Re: Windows server security

Hi Sandro,

If understand correct you are worried that if one of the accounts with local admin is compromised, they are able to compromise other servers with the same account on prem.

Maybe the legacy ad Tier model is first step you could look into:
https://docs.microsoft.com/en-us/security/compass/privileged-access-access-model#evolution-from-the-...

So depending on which tier of server you are accessing you have a different account.
For example
for example: AD server, exchange server =tier 0
for example: IIS server = tier 1
for example: endpoints = tier 2
A compromise of an account in Tier 2 will not result in the total compromise of tier 1This not overcomplicated stuff with privileged access workstations.


View solution in original post

0 Likes
Reply