Wednesday, July 2, 2008

Windows Server Security Guide

The Windows Server 2003 Security Guide provides specific recommendations about how to harden computers that run Microsoft Windows Server 2003 with Service Pack 1 (SP1) in three distinct enterprise environments—one in which older operating systems such as Windows NT 4.0 and Windows 98 must be supported, one in which Windows 2000 is the earliest version of the Windows operating system in use, and one in which concern about security is so great that significant loss of client functionality and manageability is considered an acceptable trade off to achieve maximum security. These three environments are respectively referred to as the Legacy Client (LC), Enterprise Client (EC), and Specialized Security – Limited Functionality (SSLF) environments throughout this guide.

Guidance about how to harden computers in these three environments is provided for a group of distinct server roles. The countermeasures that are described and the tools that are provided assume that each server will have a single role. If you need to combine roles for some of the servers in your environment, you can customize the security templates that are included in the download able version of the guide to create the appropriate combination of services and security options. The server roles that are referenced in this guide include the following:


  • Domain controllers that also provide DNS services

  • Infrastructure servers that provide WINS and DHCP services

  • File servers

  • Print servers

  • Web servers that run Microsoft Internet Information Services (IIS)

  • Internet Authentication Services (IAS) servers

  • Certificate Services servers

  • Bastion hosts

Significant efforts were made to make this guidance well organized and easily accessible so that you can quickly find the information that you need and determine which settings are suitable for the computers in your organization. Although this guide is intended for enterprise customers, much of the information that it contains is appropriate for organizations of any size.

1 comment:

Victor Osten said...

Try and protect your computer.
If you are like me then you have probably tired many different types of scans to try and protect your computer. There are many different options available but I have found that most of them pick up the same bugs whether you pay for the scan or download a free version. Search-and-destroy Antispyware (http://www.Search-and-destroy.com) is one of the best that I have found so far and it cost less than many of the other well-known scans on the market today. If you are searching for a good scan I suggest that you check out the antispyware solution from Search-and-destroy.