SleepyEgg

The recent Google hack has brought security to the top of every IT admin's mind, if it wasn't there already. But securing a network is a huge investment of time and money, to the point that many best practcices are out-of-reach for many small and medium businesses. Nonetheless, there is hope. Windows shops can get a good, cheap head-start on security by simply ensuring that their domain security policy is solid. In this article, Ars shows you how to create a group policy that will secure Active Directory (AD) according to current best practices, while keeping it open enough to ensure that operational headaches remain at a minimum.

Note: For reference, all policy settings discussed in this article can be found under Computer Configuration > Windows Settings > Security Settings in the Group Policy Editor (gpedit.msc)