cancel
Showing results for 
Search instead for 
Did you mean: 

Using firewall rules to restrict domain controller promotion (DCPROMO)

I am currently using McAfee HIPS on my domain controllers.  I am wanting to restrict dcpromo from being ran on a member server in the event an account in the domain gets compromised and someone tries to run dcpromo on a member server in order to get a copy of the AD database.  Has anyone tried to do this or have any suggestions on how to accomplish this?  I am also running virusscan and application control (solidcore).  Any help would be greatly appreciated!

1 Reply

Re: Using firewall rules to restrict domain controller promotion (DCPROMO)

its been awhile since i have ran dcpromo. if it drops some sort of registry key, or starts a specific program, you could write a custom IPS signature to prevent this activity from occurring. If you ever did need to promote a domain controller, you would simply disable HIPS momentarily on that system.

Message was edited by: greatscott on 3/4/14 3:39:59 PM CST
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community