Security Innovations in Windows Server 2003
A secure computing infrastructure is a strategic business
asset. As a leader in the computing industry, Microsoft
is working to deliver secure products and to help
its customers deploy and efficiently maintain them
in as secure a state as possible. This paper describes
the security feature enhancements in Windows Server
2003 and outlines how they facilitate business scenarios
such as: building a secure Web application platform,
providing secure mobile access, and streamlining identity
management across the enterprise.
Technical Overview of Windows Server 2003 Security Services
This white paper describes the tools and processes
that deliver important security benefits to organizations
deploying Windows. As part of its commitment to reliable,
secure, and dependable computing, Microsoft has reviewed
every line of code underlying the Windows Server 2003
family to identify possible fail points and exploitable
weaknesses.
Windows Server 2003 Security Guide
The Windows Server 2003 Security Guide focuses on
providing a set of easy to understand guidance, tools,
and templates to help secure Windows Server 2003 in
many environments. While the product is extremely
secure from the default installation, there are a
number of security options that can be further configured
based on specific requirements. This guidance not
only provides recommendations, but also the background
information on the risk that the setting is used to
mitigate as well as the impact to an environment when
the option is configured. Source: Microsoft.com
Building in Security for Applications in Windows Server 2003
This white paper outlines how the flexible, out-of-the-box
security technologies in Windows Server 2003 and the
Microsoft .NET Framework can help prevent malicious
code from breaching a corporate firewall. It also
offers suggestions for making programs of all kinds
more secure and easier to manage.
HOW TO: Apply Predefined Security Templates in Windows Server 2003
Microsoft Knowledge Base Article: 816585 - This step-by-step
article describes how to apply predefined security
templates. Windows Server 2003 includes several predefined
security templates that you can apply to increase
the level of security on your network. You can modify
security templates to suit your requirements by using
Security Templates in Microsoft Management Console
(MMC).
HOW TO: Analyze System Security in Windows Server 2003
Microsoft Knowledge Base Article: 816580 - This step-by-step
article describes how to use Security Configuration
and Analysis in Microsoft Management Console (MMC)
to analyze and to configure security on a computer
that is running Windows Server 2003.
HOW TO: Configure Group Policies to Set Security for System Services in Windows Server 2003
Microsoft Knowledge Base Article: 324802 - This article
describes how to use Group Policy to set security
for system services for an organizational unit in
Windows Server 2003. When you implement security on
system services, you can control who can manage services
on a workstation, member server, or domain controller.
Currently, the only way to change a system service
is through a Group Policy computer setting.
HOW TO: Configure Security for Files and Folders on a Network in Windows Server 2003
Microsoft Knowledge Base Article: 325361 - This step-by-step
article describes how to configure security for files
and folders on a network in Windows Server 2003. This
may be useful to protect data from unauthorized access.
HOW TO: Enforce a Remote Access Security Policy in Windows Server 2003
Microsoft Knowledge Base Article: 816522 - This step-by-step
article describes how to enforce a remote access security
policy in a Windows Server 2003-based Native-mode
domain.
HOW TO: Find and Clean Up Duplicate Security Identifiers with Ntdsutil in Windows Server 2003
Microsoft Knowledge Base Article: 816099 - This article
describes how to check for and clean up or remove
duplicate security identifiers (SIDs) in the SAM database.
A unique SID identifies each security account such
as users, groups, and computers. You use an SID to
uniquely identify a security account and to perform
access checks against resources such as files, file
folders, printers, Microsoft Exchange mailboxes, Microsoft
SQL Server databases, objects that are stored in Active
Directory, or any data that is protected by the Windows
Server 2003 security model.
HOW TO: Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003
Microsoft Knowledge Base Article: 324270 - Denial
of service (DoS) attacks are network attacks that
are aimed at making a computer or a particular service
on a computer unavailable to network users.
HOW TO: Install a Certificate for Use with IP Security in Windows Server 2003
Microsoft Knowledge Base Article: 323342 - When IP
Security (IPSec) is configured to use a Certificate
Authority (CA) for mutual authentication, you must
obtain a local computer certificate. This article
describes how to install a local computer certificate
for use with IPSec from a stand-alone Windows CA.
HOW TO: Set Event Log Security Locally or by Using Group Policy in Windows Server 2003
Microsoft Knowledge Base Article: 323076 - Windows
Server 2003 permits administrators to customize security
access rights to their event logs. These settings
can be configured locally or through Group Policy.
This article describes how to use both of these methods.
HOW TO: Set SMTP Security Options in Windows Server 2003
Microsoft Knowledge Base Article: 324285 - This step-by-step
article describes how to set Simple Mail Transfer
Protocol (SMTP) virtual server security options.
HOW TO: Configure Network Security for the SNMP Service in Windows Server 2003
Microsoft Knowledge Base Article: 324261 - This step-by-step
article describes how to configure network security
for the Simple Network Management Protocol (SNMP)
service in Windows Server 2003. The SNMP service acts
as an agent that collects information that can be
reported to SNMP management.
HOW TO: Rename the Administrator and Guest Account in Windows Server 2003
Microsoft Knowledge Base Article: 816109 - This step-by-step
article describes how to change the administrator
account and guest account names by using Group Policy
in Windows Server 2003. This may be useful if you
want to change the name of the administrator or guest
user accounts to minimize the chance of misuse of
these accounts.
HOW TO: Set WMI Namespace Security in Windows Server 2003
Microsoft Knowledge Base Article: 325353 - This article
describes how to set Windows Management Instrumentation
(WMI) namespace security in Windows Server 2003. WMI
security is based on namespaces. The schema is logically divided
into namespaces for organizational and security purposes.
Use the WMI Control snap-in to modify the security
on WMI namespaces. With this tool, you can set security
that is based off the root or select individual namespaces.
You can also set inheritance that is based on namespace
hierarchy.
HOW TO: Use Cipher.exe to Overwrite Deleted Data in Windows Server 2003
Microsoft Knowledge Base Article: 814599 - Administrators can use Cipher.exe to encrypt
and decrypt data on drives that use the NTFS file
system and to view the encryption status of files
and folders from a command prompt. The version of
Cipher.exe that is included with Windows Server 2003
HOW TO: Use Group Policy to Audit Registry Keys in Windows Server 2003
Microsoft Knowledge Base Article: 324739 - This article
describes how to use Group Policy to configure auditing
of Windows registry keys.
HOW TO: Use the Secedit.sdb Database to Perform a Security Analysis in Windows Server 2003
Microsoft Knowledge Base Article: 816119 - This step-by-step
article describes how to use the Secedit.sdb database
to analyze your security settings. This analysis can
identify security holes that may exist in your current
configuration, and can also identify changes that
will occur if you use a security template to configure
your computer.
HOW TO: Use Software Restriction Policies in Windows Server 2003
Microsoft Knowledge Base Article: 324036 - This article
describes how to use software restriction policies
in Windows Server 2003. When you use software restriction
policies, you can identify and specify the software
that is allowed to run so that you can protect your
computer environment from untrusted code. When you
use software restriction policies, you can define
a default security level of Unrestricted
or Disallowed for a Group Policy
object (GPO) so that software is either allowed or
not allowed to run by default. To create exceptions
to this default security level, you can create rules
for specific software.
Using Attack Surface Area and Relative Attack Surface Quotient to Identify Attackability
Support WebCast: Microsoft Windows 2000 Server and Windows Server 2003: Password and Account Lockout Features
In this Support WebCast session, you will hear about
security and administrative costs that you may see
when you configure the password and account lockout
feature set. This WebCast will provide information
about configuring the password and account lockout
settings, security and administrative considerations,
new features in Microsoft Windows 2000 Server Service
Pack 4 and Microsoft Windows Server 2003, procedures
to troubleshoot account lockout events, and recommendations
from the new account lockout white paper.
Managing Internet Explorer Enhanced Security Configuration
This white paper provides information about managing
Internet Explorer Enhanced Security Configuration
so that users and administrators can access trusted
resources and Web sites on a corporate intranet and
on the Internet. Examples include how to use Group
Policy, scripts, answer files, and more. Source: Microsoft.com
Implementing and Administering Certificate Templates in Windows Server 2003
Windows Server 2003, Enterprise Edition allows the
creation and deployment of customized certificate
templates, known as version 2 certificate templates.
This white paper details the process of designing
and deploying custom certificate templates. Source: Microsoft TechNet
Key Archival and Management in Windows Server 2003
Windows Server 2003 Enterprise Edition introduces
several new features in the area of Public Key Infrastructure
(PKI) technologies and Certificate Authorities (CAs).
One area of new functionality is private key archival,
recovery, and management. This white paper covers
best practices as well as procedural steps in a key
recovery strategy as well as migration procedures
for moving from an Exchange KMS environment to a Windows
Server 2003 Certificate Authority. Source: Microsoft TechNet
Logon Scripts May Not Be Protected When They Are Stored on a Custom Shared Folder
Microsoft Knowledge Base Article: 812540 - By default,
Windows stores logon scripts in a secured location.
Network administrators can change the default storage
location of logon scripts by storing them on a shared
folder on any server. By doing so, network administrators
can have greater control over the location of the
logon scripts and the user permissions that are assigned
to the shared folder.
Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003
Microsoft® Windows® XP Professional
and Microsoft Windows Server 2003® provide
an integrated, public key infrastructure (PKI) that
enables you to securely exchange information across
the Internet, extranets, intranets, and applications.
This white paper provides a technical reference and
planning guide for PKI administrators who wish to
perform PKI cross-certification, deploy bridge Certification
Authorities (CAs), and understand how to implement
qualified subordination in Windows Server 2003. Source: Microsoft TechNet (January 2003)
Role-Based Access Control for Multi-tier Applications Using Authorization Manager
This document provides a conceptual overview of the
role-based access control model that is supported
by Authorization Manager, which is included with the
Microsoft® Windows® Server 2003
family of operating systems. It compares access control
models which are based on roles and models which are
based on access control lists (ACLs). It explains
basic concepts: roles, tasks, operations, scopes,
basic application groups, and LDAP query groups. With
these concepts, you can create and install authorization
rules and implement the Authorization Manager API.
This paper also provides an example of an expense
application with its own authorization store and authorization
policy using Microsoft Visual Basic Scripting Edition
(VBScript), JScript, and ASP.NET. It also shows how
to use Internet Information Services (IIS) 6.0
for URL authorization. Source: Microsoft TechNet
(January 2003)