Category: Technology

04 Aug 2015

Community Banks Can Extend Their Internal IT Team with Help from IT and Security Service Providers


Running the day-to-day IT network administration for a community bank is a full-time job. One of the biggest challenges is the need for constant management of multiple solutions with a limited number of people on the IT team.

The typical IT department at a small community institution has a big job with limited staff. Not only is the department expected to oversee all the administrative work of setting up and maintaining the bank’s IT network, but they are also expected to work with the security officers to ensure that every technology component that constitutes the network is compliant with regulatory guidance. The department is also responsible for monitoring an array of administrative concerns like antivirus status, patch compliance, and email security to name just a few.

Furthermore, when auditors or examiners come knocking, the IT department must be able to produce a paper trail proving that daily practices match written policies and procedures. Then comes the matter of internal oversight. The processes that make use of those technology components must also align with the institution’s high-level policies, and this is where an IT steering committee, senior management, and the board of directors come into play. In order to support strategic IT decision-making, IT managers must be able to neatly package and explain network health and technology compliance in reports aimed at this group who hold the ultimate responsibility for protecting customer data.

As these financial institutions plan for a future that is increasingly taking more banking services online and mobile, a modern community bank’s lifeblood is its technology!

To help augment internal IT resources many institutions are turning to IT and security service providers to act as an extension of their organization — seeking a true partner to work together to streamline technology needs. The right solution provider can help bridge the gap between a financial institution’s everyday network administrative functions and the big picture goals of IT compliance and infrastructure planning.

An IT and security service provider can help automate and control many of the IT network administrative functions that are so time-consuming for in-house staff. Automating patch management and reporting saves your bank IT resources a tremendous amount of time. Providing bankers the ability to actively monitor network information for diagnostic or security issues not only saves time and improves efficiencies, but also helps the bank extend its hours of support beyond the traditional 9 to 5 hours. Additionally, outsourcing these business processes can help fill the gap when the IT staff is out sick or on vacation, providing added peace of mind.

IT service providers who focus on the community bank market can also offer account managers who act as facilitators and trusted advisors to help guide technology committees and provide tools to address financial regulatory governance. These account managers have a wealth of banking IT expertise and commonly attend technology steering committee meetings, assist with IT strategic planning, facilitate the responses to pre-exam IT questionnaires, and conduct periodic self-assessments of the bank’s IT infrastructure. With this structured guidance, financial institutions can gain deeper technology insights, complete more comprehensive control self-assessments, and enhance strategic IT planning.

The right IT service provider should offer your bank full support for the demands of banking technology and IT regulatory compliance by delivering your institution a solution that encompasses the three spheres of IT policy, procedure, and documentation. At Safe Systems we understand the ever-growing complexity of community banks’ IT operations and enhanced regulatory requirements. By making the decision to partner with Safe Systems and introduce our NetComply service, your organization will benefit from time saving automation and an in-depth view of your IT network environment. We want to provide you with assurance that your institution’s IT network is functioning efficiently, optimally, securely, and, most importantly, is compliant with FFIEC regulations.




Free White Paper



Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.






28 Jul 2015

Windows 10 Offers Community Banks and Credit Unions Improved Security


This post is the final in a three part series exploring aspects of Windows 10. Also read: Part 1 discusses market statistics, and Part 2 dives into the interface.

Another Windows 10 area where Microsoft appears to be placing a heavy focus is security. In late April, Microsoft announced on their blog several new security features that will be present in Windows 10. This followed up on another security-minded post from October 2014. These features center on managing application execution and user identity and are especially important to financial institutions.

The application execution component is being termed Device Guard. The feature will be certified or supported by hardware manufacturers and will allow for the designation of authorized applications. Financial institutions interested in using this new tool will define authorizations at the network or enterprise level. Applications will be checked against the list to evaluate trustworthiness and prevented from executing if not authorized. Microsoft’s intent for this feature is to assist in preventing execution of malicious code, as modification of an existing previously authorized application would cause it to be de-authorized. It is important to note that Microsoft specifically mentions Device Guard will not prevent macros within documents from running; thus, the feature would enhance but not remove the need to continue using existing anti-virus and anti-malware solutions.

Windows 10’s new Identity Management features are called Windows Hello and Microsoft Passport. These features can supplement or replace the existing password mechanisms most commonly in use today. Windows Hello deals specifically with biometric user authentication. Microsoft indicated that fingerprint scanning, iris scanning and picture identification will all be supported; of course, specific hardware may be required in order to use these features. The Microsoft Passport feature in Windows 10 will authenticate and authorize users to a service or a network by using a cryptographic key stored on a hardware device. This technology has been in use for years with smart cards, but Microsoft is aiming to integrate this into the hardware of devices running Windows 10. Microsoft Passport, when used in conjunction with Windows Hello, would require both biometric and specific hardware requirements to access a user’s account. This multi-factor authentication approach would provide superior security over the traditional username/password combination.

This concludes our series exploring Windows 10. Microsoft plans to release Windows 10 to the general public starting on July 29, 2015. Please reach out to Safe Systems if you need assistance with your Windows 10 upgrade.







23 Jul 2015

What Community Bank IT Administrators Need to Know About Windows 10 Usability and Software Updates


This post is the second in a three part series exploring aspects of Windows 10. Part 1 discusses market statistics, and Part 3 discusses changes to the security posture in Windows 10.

Microsoft appears to be positioning Windows 10 to address the usability concerns many had with Windows 8. In theory, Windows 8 itself could be interpreted as an overreaction to the proliferation of touchscreen devices of the past few years. In an attempt to make Windows 8 an iOS competitor, Microsoft appears to have swung wide by removing the familiar Start menu and focusing more on touch-responsive UI and navigation.

Now, with the reintroduction of the Start button and a sharper focus on usability and navigation with a mouse, perhaps Microsoft can address the issues that made Windows 8 such a jolting transition. The revised Start button will function as a cross between the Start button of Windows 7 and the Start screen of Windows 8. Further, Microsoft appears to be making efforts to ensure that the user experience will be flexible enough to serve the needs of both desktop/laptop and tablet/smartphone users.

Another evolving feature that somewhat bridges the gap between usability and security in Windows 10 is the software update mechanism. Traditionally, Microsoft has provided an intermittent update cycle, through which they professed to not add new features outside of major version updates. In reality, what we have seen over the years was a major version release (Windows XP, 7, 8), and subsequent smaller updates in the form of “R2” releases or Service Packs. Windows 10 looks to introduce a more frequent update schedule that will make use of update “tracks.” This will allow administrators and users to select between a slow update speed and a fast update speed. Users on the fast track will receive updates earlier, and those on the slow track will get updates more slowly. This will bring Microsoft in closer alignment with the faster update schedule of Google Chrome, while still allowing a robust testing base. It should be noted that this paradigm only applies to feature updates. Security updates will still be deployed on a monthly basis, and the existing Microsoft Update system appears to be more or less intact in current preview versions.







21 Jul 2015

Windows 10, What it Means to Community Banks and Credit Unions

 
 

This post is the first in a three part series exploring aspects of Windows 10. Part 2 dives into the usability changes Microsoft has made in Windows 10, and Part 3 discusses changes to the security posture in Windows 10.

For nearly the past year Microsoft has been gearing up for the upcoming release of Windows 10. It will be the direct successor to the much maligned Windows 8, and a more spiritual successor to Windows 7. If you have seen Windows 9 in the wild, please let us know. It seems to have disappeared from Microsoft’s grand vision.

If you are reading these words on a desktop in mid-2015, there is a very good chance you are doing so on a Windows 7 machine. Hopefully, you are not still using a Windows XP device. If you are, fingers crossed in hopes that your auditor doesn’t know about it. Statistically speaking though, you probably are NOT using Windows 8.

The banking industry (perhaps even more so than the US at large) seems to have largely skipped out on Windows 8. By my recent count of NetComply client endpoints running a Desktop operating system, roughly 0.4% are currently running Windows 8 or 8.1. Put another way, for every 250 endpoints roughly one of those is running Windows 8. In fact, there are currently three times more Windows XP than Windows 8 devices within our NetComply clients. Thankfully, none of those XP devices are on your network! Right?

Given that Windows 7 was first released in July of 2009, one need not read too deeply to see Microsoft is expecting to upgrade many existing devices to Windows 10. Interestingly, Microsoft has indicated that it will provide free upgrades to Windows 10 for existing installs of Windows 7 and 8 on the consumer side. This may lend further credence to the theory that they are expecting to make up the difference in revenue from the business and enterprise side.






14 Jul 2015

5 Things Community Bankers Should Consider when Choosing Hardware and Software Partners


Choosing who to trust and depend on when purchasing technology hardware and software is challenging, especially for community bankers. We have noticed that many bankers struggle with choosing the right hardware and software solutions that will work with their IT infrastructure and truly benefit their financial institution.

Today, many community banks are looking for IT systems to improve efficiencies in their organization. In addition, community bankers now need to meet mounting regulatory compliance requirements, which has increased the need for specialized expertise. Community banks also face challenges in providing competitive products and services their customers expect, while maintaining the advantages of being local banks.

All these concerns can amount to a lot of confusion for community banking executives. To avoid choosing the wrong IT solutions and vendors, we’ve highlighted some areas community bankers should consider to help avoid costly mistakes when choosing hardware and software partners.

  1. Does your hardware and software vendor understand the technical requirements of your core banking platform?

    Having the knowledge and ability to work with your core banking provider is imperative for all IT vendors that work with your financial institution. Vendors must know the inner workings of the core banking application. They should also be familiar with the various products that the core provider uses. It is also helpful for vendors to have a repository of core product specs to refer to before ordering equipment.

  2. Will the vendor understand your business?

    Hardware vendors and service providers must truly understand the ins and outs of operating a community bank. For example, they must understand the priority of a customer-facing teller line and the best technology needed to deliver such service. Another thing to consider is: will they listen to your banking business needs and make a recommendation based on solving those needs, not just placing a piece of hardware?

  3. Will your vendor understand regulatory compliance requirements?

    The ever-changing world of financial regulatory compliance governs every aspect of your IT network; and that includes what hardware and software you choose to deploy. In today’s banking environment, vendors must be able to make recommendations on how to manage hardware and software to meet regulatory expectations, including making sure your hardware stays under warranty and your software stays under support (i.e., when there is a critical service being run on a server, you can’t have the server warranty expire); certifying that you can always access your critical services as a part of a business continuity plan; and warranting that software is kept up to date with security updates.


    Read: Extending the Life of Your Hardware

  4. Will your vendor have a plan or are they just filling orders?

    Building an IT network without a plan is like building a house without a blueprint. In order for hardware and software implementations to be successful, bankers and vendors must agree on a plan. A smart way for bankers to move forward is developing a strategic IT plan to manage your current business and provide a foundation to support new technology and services.

  5. Does your vendor have the ability to recognize and discuss trends within the banking industry?


    Technology is ever changing and it is nearly impossible for anyone to keep up with all the advancements happening day to day. Look for a partner with numerous bank clients facing similar challenges every day and one that has the experience of finding the best solutions for these challenges. Bankers need to employ new but stable technology with a focus on performance, security and recoverability.







08 Jul 2015

4 Reasons Why Your Local IT Support May No Longer Be a Good Fit for Your Institution

Does Your Local IT Support Company Provide Fully-Compliant IT and Security Services for Your Community Bank?

It is very common to have people that you know in the community who run great IT companies. Many of these people often have personal relationships with the bank and bank employees, may have accounts with the bank, and may even have stock or sit on the board of the bank. In addition to the established personal relationship, most banks also like the idea of having someone who can physically be at the bank to assist when something breaks or needs attention.

These are all valid reasons for using a local IT service provider; however, it is also important to understand the risks that these providers pose to your institution, especially given today’s oversight environment.

  1. Examiner expectations

    In recent years the FFIEC has published very clear regulations focused on vendor management. To this point, several IT Examination Handbook booklets address managed security providers and cloud services. For example, the Outsourcing Technology Services and Business Continuity Planning booklets both contain explicit guidance on technology service providers.

    IT vendors that provide services, including antivirus, patch management, and event logging, have heightened expectations from the regulators. Your institution must perform a risk assessment on each vendor to validate that they conduct themselves in a sound and secure manner. Ideally, technology service providers should submit themselves to independent audits that take Trust Service principles into account (security, availability, processing integrity, confidentiality and privacy), and provide evidence in the form of an audit report. Many local IT support companies may not have the audits to validate that they are managing outsourced business processes consistent with the way financial institutions must manage them.

  2. They don’t know the expectations specific to our industry

    In the same addenda mentioned above, the regulators address risk assessment processes for IT vendors. They specifically mention knowing how many financial institution customers the vendors have versus their total customer counts. Vendors that don’t have a large number and percentage of their customers as financial institutions may not have the proper controls in place to validate compliance.

    From a purely technical perspective, working with banks is more complex. For example, one of the great advantages of technology management today is the ability to work remotely. Vendors with remote access that have no way to log and track access are not acceptable from either a business or compliance risk perspective.

  3. Limited knowledge of banking applications

    One recurring theme with vendors that support multiple industries is that they are usually very good at supporting systems that are common among their customer base. This includes items like Microsoft Office, email, printing and network communications. When vendors are supporting your systems their knowledge of your banking applications is vital. Making sure that the teller, new account, imaging, loan, and other applications continue to work within the updated IT infrastructure is imperative. In today’s world customers expect minimal downtime, and having a vendor with limited expertise in your bank’s critical applications lengthens the time required for problem resolution. When you need help with IT support, you don’t have time for your vendor to learn how the applications work before they start resolving the problem.

  4. Lack of documentation and reporting

    Most IT vendors are quite good at working to fix a problem or setting up systems to work correctly. However, that technical configuration is just a piece of the puzzle. As a regulated financial institution, you can’t outsource responsibility, so having proper reporting and documentation is imperative. You must prove that the way your devices are configured and managed adhere to your Information Security policies. For instance, if you can’t install a patch because it will break the teller system, you have to document the reasons why the patch was not deployed. This type of reporting and validation needs to be available so the technology steering committee and senior management can make informed decisions about IT issues.

Perhaps more importantly, auditors and examiners will also expect a thorough paper trail to prove that daily practices match defined policies and procedures. In today’s ever-changing environment of regulatory compliance requirements, it is essential your financial institution’s policies, procedures and practices are in perfect alignment with regulators’ expectations. Not doing so can cost your bank severely.

As a reputable partner to community banks, Safe Systems specializes in delivering technology, security and compliance products and services. We understand that community financial institutions like yours are under pressure to manage the constant evolution of technology and compliance. We maintain the proper audit certifications (SOC 2, Type II) to assure your examiners that our business practices are sound and secure. With our expert solutions, you can stay ahead of this ever changing environment while managing costs and limited resources.






26 Feb 2015

How to Use Remote Server Admin Tools to Manage Active Directory Users and Computers

There are many reasons to step away from your desk. Coffee, for example, is an excellent reason. Or maybe you just need to stretch your legs (honestly, you probably deserve to take a break). But managing the functionality provided by your servers need not be a reason to leave your desk. With the right mix of tools you can control and manage many aspects of your servers and your domain(s) from the convenience of your primary machine.

When it comes to managing the network at a distance, Windows Terminal Services\Remote Desktop and VMware’s ESX vSphere (for those of you with a little virtual in your infrastructure) are two well-documented options. In this article I’d like to introduce you to a third, possibly less well known option – the Remote Server Admin Tool (RSAT). This optional update from Microsoft (KB958830, although it is not available through Windows/Microsoft Update) can allow easy access to server functions right from your desktop.

RSAT extends the functionality provided by the Microsoft Management Console (MMC). The MMC offers a centralized interface into which specific functionalities can be snapped.


Manage Server Roles and Features

  1. You can access the MMC by pressing the Start button and typing MMC into the search box. Note: Depending on the current inherent or delegated administrative rights assigned to your user account, you may need to use the “Run as Administrator” function when opening the MMC.
  2. The MMC opens in its default state.
  3. The default console is rather sparse, so your next step is to start adding snap-ins. From within the MMC, click on “File”, and then “Add/Remove Snap Ins”.
  4. By selecting items from the left pane (“Available snap-ins”), and clicking “Add” to move them to the right pane (“Selected snap-ins”), you will add those items into the console.

You can now manage those Server Roles and Features as if you were interacting with them directly on the server! This is especially useful for unlocking domain accounts, managing group assignments, or (re)configuring group policy objects. However, there are quite a few more specialized features you can manage with RSAT, some of which are listed in the “Add/Remove snap-ins” dialog.


Setting Up RSAT

(Updated May 11, 2020)

  1. Open the Start menu, and search for Settings.
  2. Once within Settings, go to Apps.
  3. Click Manage Optional Features.
  4. Click Add a feature.
  5. Scroll down to the RSAT features you would like installed.
  6. Click to install the selected RSAT feature.
  7. Click back to the Manage Optional Features menu and you will see it installing.
  8. It will also be in this list to uninstall afterwards.
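
The Settings steps above can also be scripted on Windows 10 version 1809 and later, where RSAT is delivered as optional features. This is an added example, not part of the original article; it assumes an elevated PowerShell session, and the function name `Install-RsatFeature` is hypothetical.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
# Installs only the named RSAT features, skipping any that are already present.
function Install-RsatFeature {   # hypothetical helper name
    param(
        # Capability name patterns; the default is the AD DS tools, which include ADUC.
        [string[]]$Name = @('Rsat.ActiveDirectory.DS-LDS.Tools*')
    )
    foreach ($pattern in $Name) {
        $caps = @(Get-WindowsCapability -Online -Name $pattern)
        if ($caps.Count -eq 0) {
            Write-Warning "No capability matches '$pattern'"
            continue
        }
        foreach ($cap in $caps) {
            if ($cap.State -ne 'Installed') {
                Add-WindowsCapability -Online -Name $cap.Name | Out-Null
            }
            # Re-query so the reported state reflects the result of the install.
            Get-WindowsCapability -Online -Name $cap.Name | Select-Object Name, State
        }
    }
}

# List every RSAT feature and its current state, then install the AD DS tools only.
Get-WindowsCapability -Online -Name 'Rsat*' | Select-Object Name, State
Install-RsatFeature
```

Installing only the features a workstation needs keeps the tool set on delegated users' machines as small as their role.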

Download RSAT (not required for W10): https://www.microsoft.com/en-us/download/details.aspx?id=45520

Microsoft’s RSAT documentation page (has updated system requirements): https://docs.microsoft.com/en-us/windows-server/remote/remote-server-administration-tools


One more note on the MMC: Nobody likes to repeat themselves, so once you have selected your snap-ins of choice, you should save your console to a location of your choosing for quick access.

In summary, after a brief initial setup you can use the Remote Server Admin Tool to enhance the Windows Microsoft Management Console and manage aspects of your Domain, Active Directory, and Network directly from your desktop. You may be surprised at just how quick, easy, and powerful the combination of RSAT and MMC can be. Now, how about that cup of coffee?







26 Feb 2015

How to Delegate Control in Active Directory Users and Computers

The Least Privilege Dilemma

A common trend from Auditors and Examiners lately is the review and questioning of accounts with administrative-level access. A linchpin for information security, The Principle of Least Privilege, states that an individual or account should only be granted the minimum amount of access needed to accomplish the role defined for them. Managing user accounts in Microsoft’s Active Directory is one place where this principle can be overlooked. The “easiest” way to allow someone access to manage users (unlock, reset password, create, delete, etc) is to add them to the Domain Admins security group. It is a rather common practice for institutions to grant an individual a second network login with these administrative privileges in order for that individual to service day-to-day user account needs in Active Directory Users and Computers (ADUC).

While this approach is appropriate in some cases, a security issue arises when the individual’s sole administrative responsibility is managing users. Granting a user Domain Administrator access enables them to do much more than manage users. Domain Admins can remotely access servers, change permissions on folders, create/edit group policy, view contents of folders, and much more. While you may trust the user not to abuse their access, it can be difficult to defend this high level of access during an audit.

Why Delegate Control?

If you have individuals who need “administrative access” strictly for resetting or unlocking a password, then you should consider delegating control. You can delegate control to a user for account administration without giving them the extraneous and potentially dangerous access a traditional administrative account commands. Typically, giving a user this reduced degree of access is more than sufficient for the job they need to perform. This can be done at a Domain level or, depending on your ADUC structure, more granularly at the Branch level.

The next few sections offer different scenarios of how you may choose to implement this.

Step-by-Step Instructions

I’ve detailed 3 different options below for delegating varying levels of user management, ordered from the option with the greatest amount of control to the option with the least. Please choose the option that best fits your institution’s needs. All 3 options start with the same “Prep Work,” where you will create a group and decide where to delegate control.

A recommendation before you begin: While reporting on which users have Domain Admin group membership is easy, reporting on which users have certain delegated controls is not easy at all. For this reason, I recommend creating groups in ADUC and applying all delegated controls to these groups rather than to individual user accounts. Not only will this grant you more flexibility to add users to (or remove users from) this group as business needs change, but the group will also act as a reporting touchpoint. Whether you take advantage of Safe Systems monthly reports posted to TheSafe, or use a tool like Dumpsec to monitor ADUC Users and Groups, tracking a single group is much easier than keeping tabs on multiple delegated employee accounts.


Prep Work (All Options)

  1. Create a group as mentioned above to which you can apply these rights.

    Again, you can assign these rights to individuals instead of groups, but reporting and managing this going forward becomes an issue.

    In Active Directory, right-click the Organizational Unit (folder icon with pc image on it) in which you wish to create the new group, and choose the option to create a new group object. Name the group, choose the scope, and select “Security” for the Group Type.

  2. Right click where you want these rights applied. There are two options I will list here – Domain-level or Organizational Unit-level.

    First, the Domain-level. Right click on the Domain and delegate control, giving the group the ability to make these changes to everyone in the domain.

    Or, right click on a specific Organizational Unit, and delegate the control at that level. This will limit the controls assigned to only the accounts under the Organizational Unit. This is a good option if you want a specific user at a branch to only manage the users at their branch.

  3. Assign the group or individual to get these delegated controls, then click OK to close the Select Users, Computers, or Groups window. Click Next to continue.

OPTION 1: Delegating the ability to Add/Remove/Reset/Unlock Users

    Consider creating a separate account for the user to assign these enhanced security rights. For example, their login account for logging into the network and performing their daily task may be JDoe, but a separate account named John.Doe may be created and added to the security group that receives this delegated control.

  1. Select the specific rights you wish to delegate, then click Next. For this option, you will choose the option to “Create, delete, and manage user accounts”.
  2. Click Finish and you are done.

OPTION 2: Delegating the ability to Reset/Unlock Users

    Less control than Option 1

  1. Follow all steps 1 – 3 in the Prep Work section above until you reach the Delegation of Control Wizard window.
  2. Assign the rights you want to delegate, then click Next. For this option you will need to choose the option to “Reset user passwords and force password change at next logon” to grant a more limited privilege level.
  3. Select Finish to complete.

OPTION 3: Delegating the ability to Unlock Users only

    Less control than Options 1 or 2

  1. Follow all steps 1 – 3 in the Prep Work section above until you reach the Delegation of Control Wizard window.
  2. There is no canned option for this limited degree of access, so you must create a custom task by selecting the “Create a custom task to delegate” radio button, then click Next.
  3. Select “Only the following objects in the folder” and then select “User objects”, then click Next.
  4. Select “Property-specific” and then scroll down to find Read and Write Lockout times. Select these items as well, then click Next.
  5. Select Finish to complete.

Delegating controls is a great first step in implementing the Principle of Least Privilege on your domain level accounts. There is one aspect of this change that is not addressed in this article, and that is how the user will access ADUC after making this change. Please see our article in this month’s newsletter about Remote Server Administration Tools, as this will most likely be your best option to allow the users to manage ADUC going forward.
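
Because delegated controls are hard to report on, the following added example (not part of the original article) lists every explicit, non-inherited Allow entry on the domain root and each Organizational Unit, with the schema and extended-right GUIDs translated to names. It assumes the ActiveDirectory module from RSAT; the function names, the skip pattern for built-in principals, and the group name `Helpdesk-Unlock` are hypothetical.

```powershell
# Added example (not from the original article). Read-only; makes no changes to the directory.
Import-Module ActiveDirectory

function Get-AdGuidMap {
    # Build a GUID -> name lookup from the schema (attributes and classes) and the
    # Extended-Rights container (control access rights such as User-Force-Change-Password).
    $rootDse = Get-ADRootDSE
    $map = @{}
    Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
        -Properties lDAPDisplayName, schemaIDGUID |
        ForEach-Object { $map[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
    Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGuid |
        ForEach-Object { $map[[guid]$_.rightsGuid] = $_.name }
    return $map
}

function Get-DelegatedAce {
    param(
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        # Principals that appear in default ACLs. Hypothetical starting list; adjust per domain.
        [string]$SkipPattern = '^(NT AUTHORITY|BUILTIN)\\|\\(Domain Admins|Enterprise Admins)$|^(CREATOR OWNER|Everyone)$'
    )
    $map   = Get-AdGuidMap
    $empty = [guid]::Empty

    # The domain root plus every OU beneath the search base, with their security descriptors.
    Get-ADObject -SearchBase $SearchBase -Properties nTSecurityDescriptor `
        -LDAPFilter '(|(objectClass=domainDNS)(objectClass=organizationalUnit))' |
    ForEach-Object {
        $dn = $_.DistinguishedName
        # GetAccessRules(includeExplicit, includeInherited, targetType): explicit entries only,
        # so each delegation is reported once, at the container where it was granted.
        $_.nTSecurityDescriptor.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and "$($_.IdentityReference)" -notmatch $SkipPattern
        } |
        ForEach-Object {
            [pscustomobject]@{
                Container = $dn
                Principal = "$($_.IdentityReference)"
                Rights    = "$($_.ActiveDirectoryRights)"
                # Object class the entry is inherited by (for example, user).
                AppliesTo = if ($_.InheritedObjectType -eq $empty) { 'all objects' }
                            else { $map[$_.InheritedObjectType] }
                # Attribute or extended right the entry covers (for example, lockoutTime).
                Target    = if ($_.ObjectType -eq $empty) { 'all' }
                            else { $map[$_.ObjectType] }
            }
        }
    }
}

Get-DelegatedAce | Sort-Object Principal, Container | Format-Table -AutoSize

# To list who holds a delegation through a group, replace the hypothetical name and run:
# Get-ADGroupMember -Identity 'Helpdesk-Unlock' -Recursive | Select-Object SamAccountName
```

An Option 3 delegation appears as ReadProperty and WriteProperty rights on `lockoutTime` applying to `user` objects; the password reset in Option 2 appears as an ExtendedRight entry with the target `User-Force-Change-Password`.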


