Description Arvid Requate 2023-10-17 15:02:46 CEST

We should add links to some external essential Active Directory security best practice documentation to the UCS hardening guide:

https://help.univention.com/t/ucs-and-security-hardening/6059#samba-active-directory-domain-controller-8

For example recommendations my Microsoft:

* https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory
* https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-access-model

But also analysis recommendations by domain experts like:

* https://www.hub.trimarcsecurity.com/post/trimarc-whitepaper-owner-or-pwnd
* https://www.teal-consulting.de/en/2023/07/17/troopers-conference-recap/
* https://specterops.github.io/TierZeroTable/

As I paste links here I think that just dumping a bunch of links will make it confusing. I guess we should curate and include them into an overview text where they help to provide additional value to our customers. It's important to learn from MS AD security knowledge and apply relevant parts to UCS Samba/AD.