Administrative Model
Purpose
Administrative access must be separated by risk level.
Tiers
| Tier | Scope | Examples |
| --- | --- | --- |
| Tier 0 | Identity control plane | Domain controllers, PKI, Tier 0 admins |
| Tier 1 | Servers and infrastructure | File servers, app servers, monitoring |
| Tier 2 | Workstations and users | Client devices and user support |
Account model
| Account | Usage |
| --- | --- |
| gnolasco | Daily non-admin work |
| adm-gnolasco | Tier 1 / Tier 2 administration |
| t0-gnolasco | Tier 0 identity administration only |
Rules
- Do not browse the Internet from Tier 0 accounts.
- Do not use Tier 0 credentials on workstations.
- Use HQ-MGMT01 for administration.
- Limit Domain Admin membership.
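
One way to check logon records against the account model and rules above, as an added example that is not part of the original page. Only HQ-MGMT01 and the account names come from this page; the target hostnames, their tier assignments, the record layout and the sample logons are constructed for illustration.

```python
from typing import NamedTuple, Optional

# Account prefix -> tiers it may administer (from the page's account model).
ALLOWED_TIERS = {"t0-": {0}, "adm-": {1, 2}}
MGMT_HOST = "HQ-MGMT01"  # administration host named in the rules

# Target host -> tier. These hostnames are hypothetical, made up for the example.
HOST_TIER = {"DC01": 0, "PKI01": 0, "FS01": 1, "APP01": 1, "WS-042": 2}

class Logon(NamedTuple):
    account: str
    source: str  # host the session came from
    target: str  # host the credentials were presented to

def admin_prefix(account: str) -> Optional[str]:
    """Return the admin prefix of an account, or None for a daily account."""
    name = account.lower()
    return next((p for p in ALLOWED_TIERS if name.startswith(p)), None)

def violations(logon: Logon) -> list:
    """List the rules of the administrative model that one logon breaks."""
    prefix = admin_prefix(logon.account)
    if prefix is None:
        return []  # daily non-admin account: outside the admin rules
    found = []
    tier = HOST_TIER.get(logon.target.upper())
    if tier is None:
        found.append("target host has no tier assignment")
    elif tier not in ALLOWED_TIERS[prefix]:
        found.append(f"{prefix} account used on Tier {tier} host")
    if logon.source.upper() != MGMT_HOST:
        found.append(f"admin logon did not originate from {MGMT_HOST}")
    return found

# Constructed sample logons (not real event data).
SAMPLE = [
    Logon("t0-gnolasco", "HQ-MGMT01", "DC01"),    # compliant
    Logon("t0-gnolasco", "HQ-MGMT01", "WS-042"),  # Tier 0 credential on a workstation
    Logon("adm-gnolasco", "WS-042", "FS01"),      # not from the management host
    Logon("adm-gnolasco", "HQ-MGMT01", "DC01"),   # Tier 1/2 admin on Tier 0
    Logon("gnolasco", "WS-042", "FS01"),          # daily account, ignored
]

if __name__ == "__main__":
    for entry in SAMPLE:
        for problem in violations(entry):
            print(f"{entry.account} {entry.source} -> {entry.target}: {problem}")
```

A host missing from the tier map is reported rather than silently passed, so an unclassified server cannot hide a cross-tier logon.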