Hello, what are the security best practices in physical (armored door, heavy locking and wall materials and card only access to server room and client computers etc) and logical(complex passwords, security permissions etc) terms. Also when a company provides a service using lots of IT methods, like mail service with exchange 2010 and file service with win 2008 r2 dfs that contains sensitive data, what are the best practices that the company is bound to take in order to be legit and avoid a law suit against it in case of data leakage. Thank you, Alexander Skordos Network Engineer Gold Certified Professional Geniusnet SA - Hellas

you can use active directory right management services for some level of security http://technet.microsoft.com/en-us/library/cc771627.aspx for password policy http://technet.microsoft.com/en-us/library/cc784090(WS.10).aspx Darshana Jayathilake

you can use active directory right management services for some level of security http://technet.microsoft.com/en-us/library/cc771627.aspx for password policy http://technet.microsoft.com/en-us/library/cc784090(WS.10).aspx Darshana Jayathilake

Hi, In addition to the above suggestions, I suggest you also read the following articles: Best Practices for Enterprise Security http://technet.microsoft.com/en-us/library/cc750076.aspx Enterprise Security Best Practices http://technet.microsoft.com/en-us/library/dd277328.aspx Meanwhile, you can use Microsoft Security Assessment Tool 4.0. It is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure. For more information, please refer to: Microsoft Security Assessment Tool 4.0 http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=12273 Hope this helps. Regards, Bruce