Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Return to Table of Contents of this article series
References
Authoritative references:
- [10.] Forefront Identity Manager 2010 R2 Best Practices General
- [19.] Forefront Identity Manager 2010 R2 Best Practices for Security
Best practices
Required settings
| Items | Ref. |
Description |
| Infrastructure Security | [10.] |
Proper setup of FIM 2010 R2 in your test lab and careful planning of your migration from test lab to production is essential to minimizing deployment problems. |
| Back up | [10.] |
After installing FIM, make a backup copy of the encryption keys. You need a copy of the encryption keys to restore from a backup, or to change the Microsoft Forefront Identity Manager 2010 R2 service account. For more information, see MIISkmu: Encryption Key Management Tool. |
| Backup | [10.] |
Test your backup and restore procedures for Microsoft Forefront Identity Manager. |
| DRP | [10.] |
Set a deletion threshold in your run profile steps to limit the number of accidental deletions. |
Best practices for security
Required settings
| Items | Ref. | Description |
| Account Security | [19.] | Control access with Microsoft Forefront Identity Manager security groups. |
| Physical Access | [19.] | Restrict physical access to computers to trusted personnel. |
| Least Privilege | [19.] | Implement user rights and permissions to restrict software access to trusted accounts. |
| Account Security | [19.] | Enforce strong password policies for all user accounts. |
| Account Security | [19.] | Lock down the Microsoft Forefront Identity Manager service account |
| Account Security | [19.] | Periodically change the Microsoft Forefront Identity Manager service account password. |
Download
Download the entire guide at once, in PDF version from Technet Gallery 
.
This document has some additional content, which is not available online.
Direct Links
- FIM 2010: Planning security setup for accounts, groups and services - Table of contents
- FIM 2010: Planning security setup for accounts, groups and services - Part 1. Introduction
- FIM 2010: Planning security setup for accounts, groups and services - Part 2. FIM Security principles
- FIM 2010: Planning security setup for accounts, groups and services - Part 3. Compact Checklist** **
- FIM 2010: Planning security setup for accounts, groups and services - Part 4. Detailed Description** **
- FIM 2010: Planning security setup for accounts, groups and services - Part 5. Operational Best Practices
- FIM 2010: Planning security setup for accounts, groups and services - Part 6. References & authoritative resources** **
- FIM 2010: Planning security setup for accounts, groups and services - Part 7. Additional resources** **
- FIM 2010: Planning security setup for accounts, groups and services - Part 8. Glossary
Return to Table of Contents of this article series