
Using firewall rules to restrict domain controller promotion (DCPROMO)

I am currently using McAfee HIPS on my domain controllers. I want to restrict dcpromo from being run on a member server in the event an account in the domain gets compromised and someone tries to run dcpromo on a member server in order to get a copy of the AD database. Has anyone tried to do this, or does anyone have any suggestions on how to accomplish this? I am also running VirusScan and Application Control (Solidcore). Any help would be greatly appreciated!

1 Reply

Re: Using firewall rules to restrict domain controller promotion (DCPROMO)

It's been a while since I have run dcpromo. If it drops some sort of registry key, or starts a specific program, you could write a custom IPS signature to prevent this activity from occurring. If you ever did need to promote a domain controller, you would simply disable HIPS momentarily on that system.

Message was edited by: greatscott on 3/4/14 3:39:59 PM CST