Important Steps for Configuring Active Directory Logging:Keep domain controller logs centrally.Keep security logs from all domain joined servers centrally.Create and monitor alerts on:The use (success or failure) of any domain administrator credentials.The use of any local administrator credentials.Changes to domain administrator or other sensitive groups in AD.Cached Credentials:Use GPO to set cached credentials on servers to the minimum you possibly can (0 or 1 for servers - for desktops, you may find... Read more about Important Steps for Configuring Active Directory
Coordinate Harvard authentication with Identity & Access Management (IAM) Consult the IAM website for authentication protocol options and guides. For additional assistance, please email iam_help@harvard.edu or submit a ServiceNow ticket under the subcategory of Authentication Services: Consulting. Read more about Coordinate Harvard authentication with Identity & Access Management (IAM)
Transfer temporary passwords securely Initial/temporary passwords or secrets must be securely transferred to the user (email to a known good address without the username or address of record, or phone call). A phone call is the preferred method.
Require password changes When creating passwords, administrators must ensure that they are set to be changed after first use.