Small Business Server Support, Server Support Services, Online Server Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 17 March 2009

Security Configuration Wizard in Windows 2003 Server

Posted on 06:12 by Unknown
New in Windows Server 2003 SP1 and R2, Microsoft has made available a tool that will help you to determine exactly what is running on your Windows Server 2003 system and be able to reduce the surface area of your server, thereby making it less vulnerable to an attack. In short, through the use of the Security Configuration Wizard, you can take a very granular look at your system and disable non-required functionality.

The Security Configuration Wizard does not automatically install when you install SP1 or R2. Follow these steps to install:

1. Go to Start | Settings | Control Panel
2. Choose Add or Remove Programs.
3. Choose Add/Remove Windows Components
4. Select the check box for Security Configuration Wizard, click Next. Make sure you have your source media available.

After installation is complete, the Security Configuration Wizard is available from Start > All Programs | Administrative Tools | Security Configuration Wizard.

When you initially run the tool, you need to provide a server to use as a baseline. Further in the Wizard, you will see a complete list of the potential roles for your server, from both a server and a client perspective. For example, you might have one server that runs the SMS 2003 server, and another that has the SMS 2003 client installed. Select the roles for this server. You can also choose whether to enable administrative services, such as BITS (Background Intelligent Transfer Service), Browser, Browse Master, Remote Desktop, SQL Server Agent, and more. Microsoft can't be on top of every possible server service on your server, so the Wizard also provides you with the capability to either ignore or disable any services that are not on the lists.

Beyond services, the Wizard also allows you to specifically allow or deny specific TCP/IP ports. Also, you can use the tool to restrict access to a specific TCP/IP port to a single computer or a range of IP addresses. For example, if you want to allow only people on your administrative network permission to establish any kind of connection using Remote Desktop, you could restrict port 3389 to just that subnet.

You can also make policy changes that affect the handling of SMB file and print traffic. For example, if your server has enough excess capacity, you can require signing for all SMB traffic to prevent man-in-the-middle type attacks on your clients. The same goes for signing all LDAP traffic. In the policy, you can indicate that all clients that connect run a version of at least SP3 for Windows 2000 to help protect LDAP information on your network.

Other areas addressed in the tool:

* Audit settings: Determine if you want to enable auditing and, if so, if you want to log successful, or both successful and unsuccessful activities.
* IIS: Which IIS extensions do you want to enable? For example, ASP.NET 1.1, ASP.NET 2.0, Server Side Includes, WebDAV, etc. Also, which virtual directories should be enabled? You might want, for example, to block access to the IISAdmin folder.

Source
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Microsoft Windows, Microsoft Windows 2003, Microsoft Windows Server 2003, Security Configuration Wizard, server..., Servers, Windows Server 2003 Tips | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Windows Server 2008: Active Directory Domain Services Auditing Capabilities Explained
    Active Directory Domain Services Auditing has remained fairly consistent since the first release of Active Directory in Windows 2000 Server...
  • How to Implement Outlook Web Access for Exchange Server 2007
    Implementing Outlook Web Access Once the Client Access role is installed on your Exchange Server , the OWA is available to your remote users...
  • Latest Gmail Outage Raises Concerns for Small Business
    Sometimes, your greatest assets can become costly liabilities. Google's remarkable success and rapid growth over the past few years may ...
  • Four Windows Server 2008 Storage Improvements
    With the release of Windows Server 2008 , Microsoft is making a number of improvements to the server's underlying storage mechanisms. He...
  • Data Recovery Options in Windows 2000 Server
    If your Windows 2000 Server crashes, you may not have to take the long way back to data recovery. Jim Boyce explores several options that m...
  • How to install the Windows 2000 Support Tools to a Windows 2000 Server-based computer
    Support personnel and network administrators can use the Windows 2000 Support Tools to help manage their networks and troubleshoot problems...
  • How do I install or remove Windows on Windows 64 (WoW64) on my Windows Server 2008 R2 server core installation?
    The WoW64 component is named ServerCore-WOW64. To install it, use the standard ocsetup method: Start /w ocsetup ServerCore-WOW64 To uninstal...

Categories

  • Active directory
  • Azaleos SharePoint Services
  • business tech support
  • Dell
  • dell server
  • DHCP server
  • exchange server
  • exchange server 2007
  • file server
  • IBM
  • Internet Information Server
  • IT support services
  • Microosft windows server
  • Microosft windows server 2000
  • Microosft windows server 2003
  • Microsoft Exchange
  • Microsoft Exchange environments
  • Microsoft Home Server
  • Microsoft SQL Server
  • Microsoft Windows
  • Microsoft Windows 2003
  • Microsoft windows server
  • Microsoft Windows Server 2003
  • Policy Patrol 5
  • private network
  • Read-Only Domain Controller
  • Red Hat Linux
  • remote server
  • RFID-Ready Server
  • SBS 2008
  • Security Configuration Wizard
  • server performance
  • server services
  • server support
  • server...
  • Servers
  • SharePoint Services
  • Shutdown Event Tracker
  • slave server
  • small business
  • small business computer support
  • small business server
  • small business server 2003
  • small business server 2008
  • small business VOIP
  • Snow Leopard Server
  • Terminal server
  • Types of Servers
  • virtual server support
  • windows 2000 server
  • Windows 2000 Support Tools
  • windows 2003 server
  • Windows Embedded Server
  • windows home server
  • windows server
  • windows server 2003
  • Windows Server 2003 R2
  • Windows Server 2003 Tips
  • windows server 2008
  • windows server 2008 installation
  • Windows Server 2008 R2
  • Windows Server 2008 R2 Beta
  • windows server 2008 setup
  • Windows Server 2008 Terminal Services
  • Windows server 2008.
  • windows server group
  • Windows Server OS
  • windows server support
  • windows server support services
  • windows small business server
  • windows small business server 2008

Blog Archive

  • ▼  2009 (28)
    • ►  June (5)
    • ►  May (5)
    • ►  April (6)
    • ▼  March (4)
      • Power Pack 2 for Windows Home Server by Microsoft
      • Security Configuration Wizard in Windows 2003 Server
      • Way to Change Computer Name on Windows Server 2008
      • Amazon Extends EC2 Windows Support Into Europe
    • ►  February (3)
    • ►  January (5)
  • ►  2008 (17)
    • ►  December (4)
    • ►  November (4)
    • ►  October (4)
    • ►  September (1)
    • ►  July (3)
    • ►  June (1)
Powered by Blogger.

About Me

Unknown
View my complete profile