Last year we looked at some of the specifics of how to secure a windows network from 6000 hostile users with domain creds. Those users are still there- still hostile and still hell bent on breaking our stuff. I will recap the security measures we have in place and expand upon the specifics of the important ones. But there is also a holistic approach to building an Active Directory Domain from the bottom up so that security is built in- just like software design. As I have learned more about the attack vector I have realized that following best practices in design- that on first glance appear to have little security value- do in fact build the foundation of our ongoing success at beating back the attackers. You can’t build a house on quicksand.