Microsoft Active Directory Tiering

Build a safe and secure baseline to protect Windows computers from compromise.

Get help categorizing your systems and identities within Active Directory into tiers, implement the model itself, and learn how to maintain and administer your Active Directory once implemented.

Product

The deliverables of the engagement are:

  • A design document describing the tier model and its implementation in your environment.

  • A tiering guide document describing the process of tiering a system, so that you can tier systems yourselves going forward.

  • A set of Group Policy Objects (GPOs) that enforce the tiering model on the systems within Active Directory.

  • A set of PowerShell scripts that:

    • Maintain the tiering model

    • Alert you if a configuration is introduced that breaks the model so you can fix it immediately

Value

By implementing the Microsoft Active Directory Tier model, you lower the risk of an attacker obtaining additional or full control of your Active Directory and Microsoft infrastructure. The Microsoft Active Directory Tier model separates your Microsoft infrastructure into tiers based on criticality and ensures that administration of a given tier can only be performed by identities that belong to that specific tier.

Method

Our implementation of the Microsoft Active Directory Tier model is based on in-house developed PowerShell scripts and Group Policies that have been fine-tuned over the years to best suit the needs of our customers, with regard to both maintainability and ease of use. Implementing the Microsoft Active Directory Tiering model is not a simple task, so automating and simplifying the process and continuously keeping your Microsoft infrastructure tiered is key to a successful implementation.

We will help you design a tiered model that suits your needs, help you implement the model itself, and provide you with guidance on how to maintain and tier your infrastructure yourselves going forward.

Involvement

The delivery requires ongoing involvement of your technical staff.