Identity Manager (FIM/MIM): Planning security setup for accounts, groups and services - Part 2. Security principles
Return to Table of Contents of this article series
References
Authoritative references:
- [10.] Forefront Identity Manager 2010 R2 Best Practices General
- [19.] Forefront Identity Manager 2010 R2 Best Practices for Security
Best practices
Required settings
| Items | Ref. |
Description |
| Infrastructure Security | [10.] |
Proper setup of FIM 2010 R2 in your test lab and careful planning of your migration from test lab to production is essential to minimizing deployment problems. |
| Back up | [10.] |
After installing FIM, make a backup copy of the encryption keys. You need a copy of the encryption keys to restore from a backup, or to change the Microsoft Forefront Identity Manager 2010 R2 service account. For more information, see MIISkmu: Encryption Key Management Tool. |
| Backup | [10.] |
Test your backup and restore procedures for Microsoft Forefront Identity Manager. |
| DRP | [10.] |
Set a deletion threshold in your run profile steps to limit the number of accidental deletions. |
Best practices for security
Required settings
| Items | Ref. | Description |
| Account Security | [19.] | Control access with Microsoft Forefront Identity Manager security groups. |
| Physical Access | [19.] | Restrict physical access to computers to trusted personnel. |
| Least Privilege | [19.] | Implement user rights and permissions to restrict software access to trusted accounts. |
| Account Security | [19.] | Enforce strong password policies for all user accounts. |
| Account Security | [19.] | Lock down the Microsoft Forefront Identity Manager service account |
| Account Security | [19.] | Periodically change the Microsoft Forefront Identity Manager service account password. |
Download
Download the entire guide at once, in PDF version from Technet Gallery 
.
This document has some additional content, which is not available online.
Direct Links
- FIM 2010: Planning security setup for accounts, groups and services - Table of contents
- FIM 2010: Planning security setup for accounts, groups and services - Part 1. Introduction
- FIM 2010: Planning security setup for accounts, groups and services - Part 2. FIM Security principles
- FIM 2010: Planning security setup for accounts, groups and services - Part 3. Compact Checklist** **
- FIM 2010: Planning security setup for accounts, groups and services - Part 4. Detailed Description** **
- FIM 2010: Planning security setup for accounts, groups and services - Part 5. Operational Best Practices
- FIM 2010: Planning security setup for accounts, groups and services - Part 6. References & authoritative resources** **
- FIM 2010: Planning security setup for accounts, groups and services - Part 7. Additional resources** **
- FIM 2010: Planning security setup for accounts, groups and services - Part 8. Glossary
Return to Table of Contents of this article series