Return to Table of Contents of this article series


References

Authoritative references:

  • [10.] Forefront Identity Manager 2010 R2 Best Practices General
  • [19.] Forefront Identity Manager 2010 R2 Best Practices for Security

 


Best practices

Required settings

 

Items

Ref.

Description
Infrastructure Security

[10.]

Proper setup of FIM 2010 R2 in your test lab and careful planning of your migration from test lab to production is essential to minimizing deployment problems.
Back up

[10.]

After installing FIM, make a backup copy of the encryption keys. You need a copy of the encryption keys to restore from a backup, or to change the Microsoft Forefront Identity Manager 2010 R2 service account. For more information, see MIISkmu: Encryption Key Management Tool.
Backup

[10.]

Test your backup and restore procedures for Microsoft Forefront Identity Manager.
DRP

[10.]

Set a deletion threshold in your run profile steps to limit the number of accidental deletions.

 


Best practices for security

 

Required settings

Items Ref. Description
Account Security [19.] Control access with Microsoft Forefront Identity Manager security groups.
Physical Access [19.] Restrict physical access to computers to trusted personnel.
Least Privilege [19.] Implement user rights and permissions to restrict software access to trusted accounts.
Account Security [19.] Enforce strong password policies for all user accounts.
Account Security [19.] Lock down the Microsoft Forefront Identity Manager service account
Account Security [19.] Periodically change the Microsoft Forefront Identity Manager service account password.

 


Download

Download the entire guide at once, in PDF version from Technet Gallery  .

This document has some additional content, which is not available online.

 


Direct Links

Return to Table of Contents of this article series