By: joe

joe — Tue, 26 Sep 2006 02:54:19 +0000

Thanks for the link to the paper Guido.

By: Guido

Guido — Wed, 20 Sep 2006 13:38:07 +0000

great post joe – although I also value Steve’s opinion, it would be a tough business case to rebuild the forest.

I’d also mention that although RODCs will certainly improve the situation in the future, using DCs on VMs in branch-offices today will also allow an additional layer of protection against DC theft or at least the risk resulting thereof. The VM image-files should be encrypted on the host server so that the person that stole the hardware would have a difficult time to get to the actual AD database files. There is a good Whitepaper on hosting DCs as VMs written by Nathan Muggli, the PM for the RODC: http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en

/Guido

Comments on: So your Domain Controller decides to get stolen… what next?

By: joe

By: Guido