Only systems dedicated for the sole purpose of managing Active Directory must be used to manage Active Directory remotely.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36436 | AD.0006 | SV-47842r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Only domain systems used exclusively to manage Active Directory must be used to manage Active Directory remotely. Dedicating domain systems to be used solely for managing Active Directory will aid in protecting privileged domain accounts from being compromised. |
| STIG | Date |
|---|---|
| Active Directory Domain Security Technical Implementation Guide (STIG) | 2013-03-12 |
Details
| Check Text ( C-44678r2_chk ) |
|---|
| Verify that any domain systems used to manage Active Directory remotely are used exclusively for managing Active Directory. If domain systems used for managing Active Directory are used for additional functions, this is a finding. If Active Directory is managed with local logons to domain controllers, not remotely, this can be marked NA. |
| Fix Text (F-40968r2_fix) |
|---|
| Set aside domain systems to manage Active Directory remotely. Ensure they are used only for the purpose of managing Active Directory. Otherwise, use the local domain controller console to manage Active Directory. |