Small Business Server Support, Server Support Services, Online Server Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 17 March 2009

Security Configuration Wizard in Windows 2003 Server

Posted on 06:12 by Unknown
New in Windows Server 2003 SP1 and R2, Microsoft has made available a tool that will help you to determine exactly what is running on your Windows Server 2003 system and be able to reduce the surface area of your server, thereby making it less vulnerable to an attack. In short, through the use of the Security Configuration Wizard, you can take a very granular look at your system and disable non-required functionality.

The Security Configuration Wizard does not automatically install when you install SP1 or R2. Follow these steps to install:

1. Go to Start | Settings | Control Panel
2. Choose Add or Remove Programs.
3. Choose Add/Remove Windows Components
4. Select the check box for Security Configuration Wizard, click Next. Make sure you have your source media available.

After installation is complete, the Security Configuration Wizard is available from Start > All Programs | Administrative Tools | Security Configuration Wizard.

When you initially run the tool, you need to provide a server to use as a baseline. Further in the Wizard, you will see a complete list of the potential roles for your server, from both a server and a client perspective. For example, you might have one server that runs the SMS 2003 server, and another that has the SMS 2003 client installed. Select the roles for this server. You can also choose whether to enable administrative services, such as BITS (Background Intelligent Transfer Service), Browser, Browse Master, Remote Desktop, SQL Server Agent, and more. Microsoft can't be on top of every possible server service on your server, so the Wizard also provides you with the capability to either ignore or disable any services that are not on the lists.

Beyond services, the Wizard also allows you to specifically allow or deny specific TCP/IP ports. Also, you can use the tool to restrict access to a specific TCP/IP port to a single computer or a range of IP addresses. For example, if you want to allow only people on your administrative network permission to establish any kind of connection using Remote Desktop, you could restrict port 3389 to just that subnet.

You can also make policy changes that affect the handling of SMB file and print traffic. For example, if your server has enough excess capacity, you can require signing for all SMB traffic to prevent man-in-the-middle type attacks on your clients. The same goes for signing all LDAP traffic. In the policy, you can indicate that all clients that connect run a version of at least SP3 for Windows 2000 to help protect LDAP information on your network.

Other areas addressed in the tool:

* Audit settings: Determine if you want to enable auditing and, if so, if you want to log successful, or both successful and unsuccessful activities.
* IIS: Which IIS extensions do you want to enable? For example, ASP.NET 1.1, ASP.NET 2.0, Server Side Includes, WebDAV, etc. Also, which virtual directories should be enabled? You might want, for example, to block access to the IISAdmin folder.

Source
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Microsoft Windows, Microsoft Windows 2003, Microsoft Windows Server 2003, Security Configuration Wizard, server..., Servers, Windows Server 2003 Tips | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

Categories

  • Active directory
  • Azaleos SharePoint Services
  • business tech support
  • Dell
  • dell server
  • DHCP server
  • exchange server
  • exchange server 2007
  • file server
  • IBM
  • Internet Information Server
  • IT support services
  • Microosft windows server
  • Microosft windows server 2000
  • Microosft windows server 2003
  • Microsoft Exchange
  • Microsoft Exchange environments
  • Microsoft Home Server
  • Microsoft SQL Server
  • Microsoft Windows
  • Microsoft Windows 2003
  • Microsoft windows server
  • Microsoft Windows Server 2003
  • Policy Patrol 5
  • private network
  • Read-Only Domain Controller
  • Red Hat Linux
  • remote server
  • RFID-Ready Server
  • SBS 2008
  • Security Configuration Wizard
  • server performance
  • server services
  • server support
  • server...
  • Servers
  • SharePoint Services
  • Shutdown Event Tracker
  • slave server
  • small business
  • small business computer support
  • small business server
  • small business server 2003
  • small business server 2008
  • small business VOIP
  • Snow Leopard Server
  • Terminal server
  • Types of Servers
  • virtual server support
  • windows 2000 server
  • Windows 2000 Support Tools
  • windows 2003 server
  • Windows Embedded Server
  • windows home server
  • windows server
  • windows server 2003
  • Windows Server 2003 R2
  • Windows Server 2003 Tips
  • windows server 2008
  • windows server 2008 installation
  • Windows Server 2008 R2
  • Windows Server 2008 R2 Beta
  • windows server 2008 setup
  • Windows Server 2008 Terminal Services
  • Windows server 2008.
  • windows server group
  • Windows Server OS
  • windows server support
  • windows server support services
  • windows small business server
  • windows small business server 2008

Blog Archive

  • ▼  2009 (28)
    • ►  June (5)
    • ►  May (5)
    • ►  April (6)
    • ▼  March (4)
      • Power Pack 2 for Windows Home Server by Microsoft
      • Security Configuration Wizard in Windows 2003 Server
      • Way to Change Computer Name on Windows Server 2008
      • Amazon Extends EC2 Windows Support Into Europe
    • ►  February (3)
    • ►  January (5)
  • ►  2008 (17)
    • ►  December (4)
    • ►  November (4)
    • ►  October (4)
    • ►  September (1)
    • ►  July (3)
    • ►  June (1)
Powered by Blogger.

About Me

Unknown
View my complete profile