A crazy idea? 0 (Zero) Admin Model in your production environment? Personally, I don’t think is crazy. First thing to check when running a security audit, is the number of privileged users. Remember that a privileged user is a member of either Enterprise Admins, Domain Admins or Administrators group. The fact is that more members these groups have, the less […]
Category: Security
A humble definition of Active Directory security, some best practices and market standards to increase the security, and some models which will help on this task.

Least Privileged Access
Why 7 if we can do it with 3 Least privileged access is to have nothing more than the permissions you need to complete your task. Every time I get to a new customer, and I need administrative access to the environment, I just get Domain Admin. We could justify this action by going into my background… The years of […]

Privileged and Semi-Privileged Users
Naming chaos… name things by their names. One of the most common issues I find when chatting to my customers and colleagues, is understanding things the same way. We all been in a situation where we know something by one name, but our colleague from another region (or country) call it differently. Well, on IT this happens all the time. […]

Segregation of Duties
Segregation of Duties on a globalized culture? Segregation word might be understand as a negative word. When administering IT systems, we DO have to segregate everything… segregate, divide, categorize, organize and so on. So segregation of Duties is a good IT topic. As Occam’s Razors says, “the simplest solution is almost always the best.”, and this is true meanwhile we […]
Logical Perimetral Security
Old physical concept transformed into new Logical technology When I was first hired on a Fortune500 company, my colleagues from the networking team were heavily involved into something they called “Perimetral Security”. It took me just a snap to realize the concept (Logical Perimetral Security), which by the way, it was very clever. The main idea of this concept was […]
Active Directory Paradigm
Active Directory Paradigm Blog Merriam-Webster defines Paradigm as “an outstandingly clear or typical example or archetype. Regard science as the paradigm of true knowledge”. And this is exactly what Active Directory Paradigm blog is about. Of course this is not the ultimate AD post, but in my humble opinion, is a very good approach on how to design, implement & […]