Return to Table of Contents of the article series
The following documents and authors were used as core references in this guide.
Security (General)
Ref. no. | Document | Description |
[1.] | Microsoft Security Intelligence Report | https://www.microsoft.com/security/sir/default.aspx |
[2.] | Security Risk Management Guide | https://technet.microsoft.com/library/cc163143.aspx |
[3.] | IT Infrastructure Threat Modeling Guide | https://www.microsoft.com/en-us/download/details.aspx?id=2220 To download a copy of the IT Infrastructure Threat Modeling Guide, click here. |
[4.] | The Administrator Accounts Security Planning Guide | https://technet.microsoft.com/en-us/library/cc162797.aspx Click here to download The Administrator Accounts Security Planning Guide from the Microsoft Download Center. |
[5.] | Segregation of duties aka. Separation of duties | https://en.wikipedia.org/wiki/Separation_of_duties |
[6.] | Principle of least privilege | https://en.wikipedia.org/wiki/Principle_of_least_privilege |
[7.] | Privilege separation | https://en.wikipedia.org/wiki/Privilege_separation |
[8.] | 4-eyes principle | https://whatis.techtarget.com/definition/four-eyes-principle |
FIM
Overview
Ref. no. | Document | Description |
[9.] | FIM 2010 Technical Overview | https://technet.microsoft.com/en-us/library/ff621362(v=ws.10).aspx |
FIM Best practices
Ref. no. | Document | Description |
[10.] | Forefront Identity Manager 2010 R2 Best Practices General | https://aka.ms/fimbeforeyoubegin |
[11.] | Change the Forefront Identity Manager 2010 R2 Synchronization Service Account | https://technet.microsoft.com/en-us/library/jj590224(v=ws.10).aspx |
FIM Security
Ref. no. | Document | Description |
---|---|---|
[12.] | FIM 2010 Installation Guide > Before you begin | https://aka.ms/fimbeforeyoubegin |
[13.] | Using Security Groups | https://aka.ms/fimsecuritygroups https://technet.microsoft.com/en-us/library/jj590183(v=ws.10).aspx |
[14.] | Test Lab Guide: Installing Forefront Identity Manager 2010 R2 | https://technet.microsoft.com/en-us/library/hh322905(v=ws.10).aspx |
[15.] | Step 7: Perform FIM 2010 R2 Prerequisite Tasks | https://technet.microsoft.com/en-us/library/hh322882(v=ws.10) |
[16.] | FIM 2010 R2 Kerberos Settings (SPN Configuration) | https://technet.microsoft.com/en-us/library/jj134299(v=ws.10).aspx |
[17.] | Considerations for New Installation of FIM 2010 R2 | https://technet.microsoft.com/en-us/library/jj134293(v=ws.10).aspx |
[18.] | Installing the FIM 2010 R2 Server Components | https://technet.microsoft.com/en-us/library/hh332711(v=ws.10).aspx |
FIM Best practices for security
Ref. no. | Title (alphabetically) | URL |
[19.] | Forefront Identity Manager 2010 R2 Best Practices for Security | https://aka.ms/fim2010r2bestpracticessecurity |
[20.] | FIM 2010 (R2): Well-known GUIDS | https://aka.ms/FIMGuids |
[21.] | Best practices for the FIM Portal Administrator account | https://www.wapshere.com/missmiis/best-practices-for-the-fim-portal-administrator-account |
FIM Best practice analyzer
Ref. no. | Title (alphabetically) | URL |
[22.] | FIM 2010 R2: Same Account being used for FIM Synchronization Service and FIM MA | https://technet.microsoft.com/en-us/library/jj204553(v=ws.10).aspx |
[23.] | FIM 2010 R2: FIM Service or the FIM Synchronization Service Account does not have Deny Logon As Batch Job set | https://technet.microsoft.com/en-us/library/jj204563(v=ws.10).aspx |
FIM Sync
Ref. no. | Title (alphabetically) | URL |
[24.] | Forefront Identity Manager Password Management | https://technet.microsoft.com/en-us/library/jj590203(v=ws.10).aspx |
[25.] | Management Agent Communication Ports, Rights, and Permissions | https://aka.ms/fim_portsrightspermissions |
FIM PCNS
Ref. no. | Title (alphabetically) | URL |
[26.] | Forefront Identity Manager Password Management | https://technet.microsoft.com/en-us/library/jj590203(v=ws.10).aspx |
[27.] | Pcnscfg: Password Change Notification Service (PCNS) Configuration Utility | https://technet.microsoft.com/en-us/library/jj590227(v=ws.10).aspx |
[28.] | Using Password Synchronization | https://technet.microsoft.com/en-us/library/jj590288(v=ws.10).aspx |
FIM Service
Ref. no. | Title (alphabetically) | URL |
[29.] | Configure Message Delivery Restrictions | https://go.microsoft.com/fwlink/?LinkId=183625 |
[30.] | Configure Message Size Limits for a Mailbox or a Mail-enabled Public Folder | https://go.microsoft.com/fwlink/?LinkId=183626 |
[31.] | Configure Storage Quotas for a Mailbox | https://go.microsoft.com/fwlink/?LinkId=156929 |
FIM SSPR
Ref. no. | Title (alphabetically) | URL |
[32.] | To allow SSPR for users that forgot their password you must allow anonymous access to the password reset portal. | https://technet.microsoft.com/en-us/library/ee534892(v=ws.10).aspx#allow_anony_access_pswd_reset_portal |
[33.] | Password Reset Deployment Guide | https://technet.microsoft.com/en-us/library/ee534892(v=ws.10).aspx |
[34.] | Password Registration and Reset Portal Deployment | https://technet.microsoft.com/en-us/library/jj134295(v=ws.10).aspx |
FIM CM
Ref. no. | Title (alphabetically) | URL |
[35.] | Create FIM 2010 CM service accounts using PowerShell | https://konab.com/create-fim-2010-cm-service-accounts-using-PowerShell/ |
[36.] | Create an OU and User Accounts for FIM CM Agents | https://technet.microsoft.com/en-us/library/gg430115(v=ws.10).aspx |
FIM Reporting
Ref. no. | Title (alphabetically) | URL |
[37.] | FIM 2010 R2 Reporting Permissions | https://aka.ms/fimreportingpermissions |
BHOLD
Ref. no. | Title (alphabetically) | URL |
[38.] | FIM 2010: Quick Guide to installing BHOLD Core | https://social.technet.microsoft.com/wiki/contents/articles/18334.fim-2010-quick-guide-to-installing-bhold-core.aspx |
[39.] | Microsoft BHOLD Suite SP1 Installation Guide | https://technet.microsoft.com/en-us/library/jj134107(v=ws.10).aspx |
[40.] | BHOLD Core Installation | https://technet.microsoft.com/en-us/library/jj134095(v=ws.10).aspx |
[41.] | BHOLD Core technical reference | https://technet.microsoft.com/en-us/library/jj134937(v=ws.10).aspx |
SQL Server
Ref. no. | Title (alphabetically) | URL |
[42.] | Guidelines on choosing Service Accounts for SQL Server Services. | https://support.microsoft.com/kb/2160720 |
[43.] | Server Configuration - Service Accounts | https://msdn.microsoft.com/en-us/library/cc281953.aspx |
[44.] | SQL Server 2005 Security Best Practices - Operational and Administrative Tasks | https://aka.ms/sql2005securitybestpractices |
[45.] | SQL Server 2008 R2 Security Best Practice Whitepaper | https://aka.ms/sql2008securitybestpractices |
[46.] | SQL Server 2012 Security Best Practice Whitepaper | https://aka.ms/sql2012securitybestpractices |
[47.] | Service Account Types Supported for SQL Server Agent: | https://go.microsoft.com/fwlink/?LinkId=183624 |
[48.] | Selecting an Account for the SQL Server Agent Service | https://go.microsoft.com/fwlink/?LinkId=12295 |
SharePoint
Ref. no. | Title (alphabetically) | URL |
---|---|---|
[49.] | Plan for administrative and service accounts (Office SharePoint Server) | https://technet.microsoft.com/en-us/library/cc263445(v=office.12).aspx |
[50.] | Plan administrative tasks in a least-privilege environment (SharePoint Server 2010) | https://technet.microsoft.com/en-us/library/hh377944(v=office.14).aspx |
[51.] | Initial deployment administrative and service accounts (SharePoint Server 2010) | https://technet.microsoft.com/en-us/library/ee662513%28v=office.14%29.aspx |
[52.] | Administrative accounts | https://technet.microsoft.com/en-us/library/55b99d80-3fa7-49f0-bdf4-adb5aa959019(v=office.14)#Section2 |
[53.] | Harden SQL Server for SharePoint environments (SharePoint Server 2010) | https://technet.microsoft.com/en-us/library/ff607733(v=office.14).aspx |
IIS
Ref. no. | Title (alphabetically) | URL |
[54.] | Security Best Practices for IIS 8 | https://technet.microsoft.com/en-us/library/cc263445(v=office.12).aspx |
Download
Download the entire guide at once as a PDF from the TechNet Gallery.
This document has some additional content, which is not available online.
Direct Links
- FIM/MIM: Planning security setup for accounts, groups and services - Table of contents
- FIM/MIM: Planning security setup for accounts, groups and services - Part 1. Introduction
- FIM/MIM: Planning security setup for accounts, groups and services - Part 2. FIM Security principles
- FIM/MIM: Planning security setup for accounts, groups and services - Part 3. Compact Checklist
- FIM/MIM: Planning security setup for accounts, groups and services - Part 4. Detailed Description
- FIM/MIM: Planning security setup for accounts, groups and services - Part 5. Operational Best Practices
- FIM/MIM: Planning security setup for accounts, groups and services - Part 6. References & authoritative resources
- FIM/MIM: Planning security setup for accounts, groups and services - Part 7. Additional resources
- FIM/MIM: Planning security setup for accounts, groups and services - Part 8. Glossary
- Identity Manager (FIM/MIM): Planning security setup for accounts, groups and services - Part 9. Release Schedule
- Identity Manager (FIM/MIM): Planning security for accounts, groups and services - Core account type differentiators (Part 10)
Return to Table of Contents of the article series.