Active Directory is one of the most widely used models for pushing policies and securing your enterprise.
Many IT personnel complain of degrading performance after a period of time. Although Windows tries to keep Active Directory defragmented, the Active Directory database can continue to grow even when you delete users and tidy it up. More on this later.
Memory – Always use 64-bit Windows (migrate to Server 2008 R2) and use 8 GB or more when possible
Memory Speed – Look for HyperX and other high-quality memory
Motherboard Choice – FSB, chipset, ports, controllers (motherboard selection should come after the CPU)
Processor – Select multi-core/multi-CPU
Power – We live in a ‘Green’ world, but don’t rob your system of power
Hard Disks – Use SATA 6.0 for small/medium enterprises and SCSI for large enterprises
- Put your OS on one drive and Active Directory on a second drive
Do you have a computer that responds slowly on the network or hesitates? Follow these steps and you will see a significant difference. (We have not shown how to disable the advanced settings in your network card; simply go to Device Manager, double-click your network card, and disable TCP offload and any advanced settings, such as proxy settings, that may make the card hesitate.)
Remove any add-ins from your browsers that you don’t need.
PhoneFactor offers two-step authentication when logging on to your computer. This helps to verify user logins for a workstation or server.
How does it work?
Enter your username and password into your computer. PhoneFactor then calls you: press the # key or enter a PIN. Alternatively, PhoneFactor can send you a text message containing a one-time passcode, to which you reply with your password or PIN.
A third factor of authentication allows you to speak a short passphrase into your phone during the authentication process.
PhoneFactor is free. Other packages are available for medium and large organizations.
Want to control who gets on your network? The Callout DLL can still be downloaded from Microsoft, and with Windows Server 2008 you can control access with Allow/Deny filters.
With portable computing (netbooks, laptops, Droids, BlackBerrys, iPads, iPods, iPhones and other portable devices), many users will discover how to get on your network. The Callout DLL for Windows Server 2003 and Windows Server 2008 allows your IT department to control who gets on your network.
Many IT departments have the luxury of buying expensive servers. 15 years ago we decided to build our own, much like Google builds their own servers. Recent additions and replacements in our server farm include AMD’s hexacore processor with 16 GB of RAM and 3 TB of hard drive space. At only $1300 per server, you just can’t go wrong; an equivalent server from vendors with the same specs would run around $5000+.
While Open Source offers many fantastic programs, we license Windows Server software alongside some Open Source software to meet our needs without sacrificing quality.
I do not recommend this, but I have seen a non-critical server where simple passwords could be used (internal network, non-critical or non-sensitive data) – resetting password complexity in Windows Server 2008 (R2).
If you need to disable password complexity in Windows Server 2008 and it is grayed out under the group policies:
Open the Group Policy Management Console and edit the GPO at the domain level; if you haven’t created one, you can use the one that is listed by default.
Find the password complexity setting in the policies and change it.
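Whatever you decide on complexity, it pays to audit what the domain actually enforces afterwards. The script below is an added example, not code from this page or from Microsoft: it uses the ActiveDirectory PowerShell module (RSAT, Windows Server 2008 R2 or later) to read the Default Domain Policy settings and any Fine-Grained Password Policies and flags settings that fall below thresholds that are the script's own assumptions.

```powershell
# Added audit script (not from the original page). Assumes the ActiveDirectory
# module is installed and the caller has read access to the domain.
Import-Module ActiveDirectory

# Thresholds are assumptions for this example, not values from the page.
$MinLength  = 12
$MaxAgeDays = 90
$MinHistory = 24
$MaxLockout = 10   # a lockout threshold of 0 means accounts never lock out

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,   # object from Get-AD*PasswordPolicy
        [string] $Label
    )
    $findings = @()
    if (-not $Policy.ComplexityEnabled) { $findings += 'complexity disabled' }
    if ($Policy.MinPasswordLength -lt $MinLength) {
        $findings += "minimum length $($Policy.MinPasswordLength) < $MinLength"
    }
    # MaxPasswordAge is a TimeSpan; zero or negative means passwords never expire
    if ($Policy.MaxPasswordAge.Days -le 0 -or $Policy.MaxPasswordAge.Days -gt $MaxAgeDays) {
        $findings += "maximum age $($Policy.MaxPasswordAge.Days) days"
    }
    if ($Policy.PasswordHistoryCount -lt $MinHistory) {
        $findings += "history $($Policy.PasswordHistoryCount) < $MinHistory"
    }
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt $MaxLockout) {
        $findings += "lockout threshold $($Policy.LockoutThreshold)"
    }
    if ($Policy.ReversibleEncryptionEnabled) { $findings += 'reversible encryption enabled' }

    [pscustomobject]@{
        Policy   = $Label
        Status   = if ($findings.Count -eq 0) { 'OK' } else { 'WEAK' }
        Findings = ($findings -join '; ')
    }
}

$results = @()
# Domain-wide default: this is what the domain-level GPO edited above controls
$results += Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy) -Label 'Default Domain Policy'

# Fine-Grained Password Policies override the default for the users/groups they apply to
foreach ($fgpp in (Get-ADFineGrainedPasswordPolicy -Filter *)) {
    $label = "FGPP '$($fgpp.Name)' (precedence $($fgpp.Precedence); applies to $($fgpp.AppliesTo -join ', '))"
    $results += Test-PasswordPolicy -Policy $fgpp -Label $label
}

$results | Format-Table -AutoSize -Wrap
```

Run it from a domain-joined machine with RSAT; any row marked WEAK shows exactly which setting falls below your baseline.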
You can use Windows Server 2008 and install DHCP and NAP (Network Access Protection) to force a check of all computers that join your network. As a computer boots up and requests an IP address, it is analyzed, and if it does not meet the security specs of your network, it is redirected to an internal web page. The users will be required to update their computer before it can join your network.
Requirements – Server 2008
At Server Roles, click Add and select DHCP and Network Policies.
Walk through the DHCP setup, ensuring your computer has a static IP address before you start. Plan your IP addresses according to your network.
Walk through NAP (make sure you create a group for authorized NAP users, as shown in the last picture).
Configuration of DHCP server and Configuration of NAP Services
(Picture below: Oracle VirtualBox (formerly Sun’s VirtualBox) was used for this setup – this is NOT required.)