The following documents and authors were used as core reference in this guide.

 

Security (General)

Ref. no. Document Description
[1.] Microsoft Security Intelligence Report http://www.microsoft.com/security/sir/default.aspx
[2.] Security Risk Management Guide https://technet.microsoft.com/library/cc163143.aspx
[3.] IT Infrastructure Threat Modeling Guide http://www.microsoft.com/en-us/download/details.aspx?id=2220

To download a copy of the IT Infrastructure Threat Modeling Guide, click here.

[4.] The Administrator Accounts Security Planning Guide https://technet.microsoft.com/en-us/library/cc162797.aspx

Click here to download The Administrator Accounts Security Planning Guide from the Microsoft Download Center.

[5.] Segregation of duties aka. Separation of duties https://en.wikipedia.org/wiki/Separation_of_duties
[6.] Principle of least privilege https://en.wikipedia.org/wiki/Principle_of_least_privilege
[7.] Privilege separation https://en.wikipedia.org/wiki/Privilege_separation
[8.] 4-eyes principle http://whatis.techtarget.com/definition/four-eyes-principle

 

FIM

Overview

Ref. no. Document Description
[9.] FIM 2010 Technical Overview https://technet.microsoft.com/en-us/library/ff621362(v=ws.10).aspx

 

FIM Best practices

Ref. no. Document Description
[10.] Forefront Identity Manager 2010 R2 Best Practices General http://aka.ms/fimbeforeyoubegin
[11.] Change the Forefront Identity Manager 2010 R2 Synchronization Service Account https://technet.microsoft.com/en-us/library/jj590224(v=ws.10).aspx

 

FIM Security

Ref. no. Document Description
[12.] FIM 2010 Installation Guide > Before you begin http://aka.ms/fimbeforeyoubegin
[13.] Using Security Groups http://aka.ms/fimsecuritygroups http://technet.microsoft.com/en-us/library/jj590183(v=ws.10).aspx
[14.] Test Lab Guide: Installing Forefront Identity Manager 2010 R2 http://technet.microsoft.com/en-us/library/hh322905(v=ws.10).aspx
[15.] Step 7: Perform FIM 2010 R2 Prerequisite Tasks http://technet.microsoft.com/en-us/library/hh322882(v=ws.10)
[16.] FIM 2010 R2 Kerberos Settings (SPN Configuration) http://technet.microsoft.com/en-us/library/jj134299(v=ws.10).aspx
[17.] Considerations for New Installation of FIM 2010 R2 http://technet.microsoft.com/en-us/library/jj134293(v=ws.10).aspx
[18.] Installing the FIM 2010 R2 Server Components https://technet.microsoft.com/en-us/library/hh332711(v=ws.10).aspx

 

FIM Best practices for security

Ref. no. Title (alphabetically) URL
[19.] Forefront Identity Manager 2010 R2 Best Practices for Security http://aka.ms/fim2010r2bestpracticessecurity
[20.] FIM 2010 (R2): Well-known GUIDS http://aka.ms/FIMGuids
[21.] Best practices for the FIM Portal Administrator account http://www.wapshere.com/missmiis/best-practices-for-the-fim-portal-administrator-account

 

FIM Best practice analyzer

Ref. no. Title (alphabetically) URL
[22.] FIM 2010 R2: Same Account being used for FIM Synchronization Service and FIM MA https://technet.microsoft.com/en-us/library/jj204553(v=ws.10).aspx
[23.] FIM 2010 R2: FIM Service or the FIM Synchronization Service Account does not have Deny Logon As Batch Job set https://technet.microsoft.com/en-us/library/jj204563(v=ws.10).aspx

 

FIM Sync

Ref. no. Title (alphabetically) URL
[24.] Forefront Identity Manager Password Management https://technet.microsoft.com/en-us/library/jj590203(v=ws.10).aspx
[25.] Management Agent Communication Ports, Rights, and Permissions http://aka.ms/fim_portsrightspermissions

 

FIM PCNS

Ref. no. Title (alphabetically) URL
[26.] Forefront Identity Manager Password Management https://technet.microsoft.com/en-us/library/jj590203(v=ws.10).aspx
[27.] Pcnscfg: Password Change Notification Service (PCNS) Configuration Utility https://technet.microsoft.com/en-us/library/jj590227(v=ws.10).aspx
[28.] Using Password Synchronization https://technet.microsoft.com/en-us/library/jj590288(v=ws.10).aspx

 

FIM Service

Ref. no. Title (alphabetically) URL
[29.] Configure Message Delivery Restrictions http://go.microsoft.com/fwlink/?LinkId=183625
[30.] Configure Message Size Limits for a Mailbox or a Mail-enabled Public Folder http://go.microsoft.com/fwlink/?LinkId=183626
[31.] Configure Storage Quotas for a Mailbox http://go.microsoft.com/fwlink/?LinkId=156929

 

FIM SSPR

Ref. no. Title (alphabetically) URL
[32.] To allow SSPR for users that forgot their password you must allow anonymous access to the password reset portal. https://technet.microsoft.com/en-us/library/ee534892(v=ws.10).aspx#allow_anony_access_pswd_reset_portal
[33.] Password Reset Deployment Guide https://technet.microsoft.com/en-us/library/ee534892(v=ws.10).aspx
[34.] Password Registration and Reset Portal Deployment https://technet.microsoft.com/en-us/library/jj134295(v=ws.10).aspx

 

FIM CM

Ref. no. Title (alphabetically) URL
[35.] Create FIM 2010 CM service accounts using PowerShell https://konab.com/create-fim-2010-cm-service-accounts-using-PowerShell/
[36.] Create an OU and User Accounts for FIM CM Agents https://technet.microsoft.com/en-us/library/gg430115(v=ws.10).aspx

 

FIM Reporting

Ref. no. Title (alphabetically) URL
[37.] FIM 2010 R2 Reporting Permissions http://aka.ms/fimreportingpermissions

 

BHOLD

Ref. no. Title (alphabetically) URL
[38.] FIM 2010: Quick Guide to installing BHOLD Core http://social.technet.microsoft.com/wiki/contents/articles/18334.fim-2010-quick-guide-to-installing-bhold-core.aspx
[39.] Microsoft BHOLD Suite SP1 Installation Guide https://technet.microsoft.com/en-us/library/jj134107(v=ws.10).aspx
[40.] BHOLD Core Installation https://technet.microsoft.com/en-us/library/jj134095(v=ws.10).aspx
[41.] BHOLD Core technical reference https://technet.microsoft.com/en-us/library/jj134937(v=ws.10).aspx

 

SQL Server

Ref. no. Title (alphabetically) URL
[42.] Guidelines on choosing Service Accounts for SQL Server Services. http://support.microsoft.com/kb/2160720
[43.] Server Configuration - Service Accounts https://msdn.microsoft.com/en-us/library/cc281953.aspx
[44.] SQL Server 2005 Security Best Practices - Operational and Administrative Tasks http://aka.ms/sql2005securitybestpractices
[45.] SQL Server 2008 R2 Security Best Practice Whitepaper http://aka.ms/sql2008securitybestpractices
[46.] SQL Server 2012 Security Best Practice Whitepaper http://aka.ms/sql2012securitybestpractices
[47.] Service Account Types Supported for SQL Server Agent: http://go.microsoft.com/fwlink/?LinkId=183624
[48.] Selecting an Account for the SQL Server Agent Service http://go.microsoft.com/fwlink/?LinkId=12295

 

SharePoint

Ref. no. Title (alphabetically) URL
[49.] Plan for administrative and service accounts (Office SharePoint Server) http://technet.microsoft.com/en-us/library/cc263445(v=office.12).aspx
[50.] Plan administrative tasks in a least-privilege environment (SharePoint Server 2010) https://technet.microsoft.com/en-us/library/hh377944(v=office.14).aspx
[51.] Initial deployment administrative and service accounts (SharePoint Server 2010) https://technet.microsoft.com/en-us/library/ee662513%28v=office.14%29.aspx
[52.] Administrative accounts https://technet.microsoft.com/en-us/library/55b99d80-3fa7-49f0-bdf4-adb5aa959019(v=office.14)#Section2
[53.] Harden SQL Server for SharePoint environments (SharePoint Server 2010) https://technet.microsoft.com/en-us/library/ff607733(v=office.14).aspx

 

IIS

Ref. no. Title (alphabetically) URL
[54.] Security Best Practices for IIS 8 http://technet.microsoft.com/en-us/library/cc263445(v=office.12).aspx

 

Download

Download the entire guide at once, as a PDF, from the TechNet Gallery.

This document has some additional content, which is not available online.

