HOW TO: Apply Predefined Security Templates in Windows Server 2003
Microsoft Knowledge Base Article: 816585 - This step-by-step article describes how to apply predefined security templates. Windows Server 2003 includes several predefined security templates that you can apply to increase the level of security on your network. You can modify security templates to suit your requirements by using Security Templates in Microsoft Management Console (MMC).

HOW TO: Analyze System Security in Windows Server 2003
Microsoft Knowledge Base Article: 816580 - This step-by-step article describes how to use Security Configuration and Analysis in Microsoft Management Console (MMC) to analyze and to configure security on a computer that is running Windows Server 2003.

HOW TO: Configure Group Policies to Set Security for System Services in Windows Server 2003
Microsoft Knowledge Base Article: 324802 - This article describes how to use Group Policy to set security for system services for an organizational unit in Windows Server 2003. When you implement security on system services, you can control who can manage services on a workstation, member server, or domain controller. Currently, the only way to change a system service is through a Group Policy computer setting.

HOW TO: Configure Security for Files and Folders on a Network in Windows Server 2003
Microsoft Knowledge Base Article: 325361 - This step-by-step article describes how to configure security for files and folders on a network in Windows Server 2003. This may be useful to protect data from unauthorized access.

HOW TO: Enforce a Remote Access Security Policy in Windows Server 2003
Microsoft Knowledge Base Article: 816522 - This step-by-step article describes how to enforce a remote access security policy in a Windows Server 2003-based Native-mode domain.

HOW TO: Find and Clean Up Duplicate Security Identifiers with Ntdsutil in Windows Server 2003
Microsoft Knowledge Base Article: 816099 - This article describes how to check for and clean up or remove duplicate security identifiers (SIDs) in the SAM database. A unique SID identifies each security account such as users, groups, and computers. You use an SID to uniquely identify a security account and to perform access checks against resources such as files, file folders, printers, Microsoft Exchange mailboxes, Microsoft SQL Server databases, objects that are stored in Active Directory, or any data that is protected by the Windows Server 2003 security model.

HOW TO: Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003
Microsoft Knowledge Base Article: 324270 - Denial of service (DoS) attacks are network attacks that are aimed at making a computer or a particular service on a computer unavailable to network users.

HOW TO: Install a Certificate for Use with IP Security in Windows Server 2003
Microsoft Knowledge Base Article: 323342 - When IP Security (IPSec) is configured to use a Certificate Authority (CA) for mutual authentication, you must obtain a local computer certificate. This article describes how to install a local computer certificate for use with IPSec from a.stand-alone Windows CA

HOW TO: Set Event Log Security Locally or by Using Group Policy in Windows Server 2003
Microsoft Knowledge Base Article: 323076 - Windows Server 2003 permits administrators to customize security access rights to their event logs. These settings can be configured locally or through Group Policy. This article describes how to use both of these methods.

HOW TO: Set SMTP Security Options in Windows Server 2003
Microsoft Knowledge Base Article: 324285 - This step-by-step article describes how to set Simple Mail Transfer Protocol (SMTP) virtual server security options.

HOW TO: Configure Network Security for the SNMP Service in Windows Server 2003
Microsoft Knowledge Base Article: 324261 - This step-by-step article describes how to configure network security for the Simple Network Management Protocol (SNMP) service in Windows Server 2003. The SNMP service acts as an agent that collects information that can be reported to SNMP management.

HOW TO: Rename the Administrator and Guest Account in Windows Server 2003
Microsoft Knowledge Base Article: 816109 - This step-by-step article describes how to change the administrator account and guest account names by using Group Policy in Windows Server 2003. This may be useful if you want to change the name of the administrator or guest user accounts to minimize the chance of misuse of these accounts.

HOW TO: Set WMI Namespace Security in Windows Server 2003
Microsoft Knowledge Base Article: 325353 - This article describes how to set Windows Management Instrumentation (WMI) namespace security in Windows Server 2003. WMI security is based on namespaces. The schema is logically into namespaces for organizational and security purposes. Use the WMI Control snap-in to modify the security on WMI namespaces. With this tool, you can set security that is based off the root or select individual namespaces. You can also set inheritance that is based on namespace hierarchy.

HOW TO: Use Cipher.exe to Overwrite Deleted Data in Windows Server 2003
814599) - Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. The version of Cipher.exe that is included with Windows Server 2003

HOW TO: Use Group Policy to Audit Registry Keys in Windows Server 2003
Microsoft Knowledge Base Article: 324739 - This article describes how to use Group Policy to configure auditing of Windows registry keys.

HOW TO: Use the Secedit.sdb Database to Perform a Security Analysis in Windows Server 2003
Microsoft Knowledge Base Article: 816119 - This step-by-step article describes how to use the Secedit.sdb database to analyze your security settings. This analysis can identify security holes that may exist in your current configuration, and can also identify changes that will occur if you use a security template to configure your computer.

HOW TO: Use Software Restriction Policies in Windows Server 2003
Microsoft Knowledge Base Article: 324036 - This article describes how to use software restriction policies in Windows Server 2003. When you use software restriction policies, you can identify and specify the software that is allowed to run so that you can protect your computer environment from untrusted code. When you use software restriction policies, you can define a default security level of Unrestricted or Disallowed for a Group Policy object (GPO) so that software is either allowed or not allowed to run by default. To create exceptions to this default security level, you can create rules for specific software

Using Attack Surface Area and Relative Attack Surface Quotient to Identify Attackability

Support WebCast: Microsoft Windows 2000 Server and Windows Server 2003: Password and Account Lockout Features
In this Support WebCast session, you will hear about security and administrative costs that you may see when you configure the password and account lockout feature set. This WebCast will provide information about configuring the password and account lockout settings, security and administrative considerations, new features in Microsoft Windows 2000 Server Service Pack 4 and Microsoft Windows Server 2003, procedures to troubleshoot account lockout events, and recommendations from the new account lockout white paper

Implementing and Administering Certificate Templates in Windows Server 2003
Windows Server 2003, Enterprise Edition allows the creation and deployment of customized certificate templates, known as version 2 certificate templates. This white paper details the process of designing and deploying custom certificate templates.  Source: Microsoft TechNet

Key Archival and Management in Windows Server 2003
Windows Server 2003 Enterprise Edition introduces several new features in the area of Public Key Infrastructure (PKI) technologies and Certificate Authorities (CAs). One area of new functionality is private key archival, recovery, and management. This white paper covers best practices as well as procedural steps in a key recovery strategy as well as migration procedures for moving from an Exchange KMS environment to a Windows Server 2003 Certificate Authority. Source: Microsoft TechNet

Logon Scripts May Not Be Protected When They Are Stored on a Custom Shared Folder
Microsoft Knowledge Base Article: 812540 - By default, Windows stores logon scripts in a secured location. Network administrators can change the default storage location of logon scripts by storing them on a shared folder on any server. By doing so, network administrators can have greater control over the location of the logon scripts and the user permissions that are assigned to the shared folder

Planning and Implementing Cross-Certification and Qualified Subordination Using Windows Server 2003
Microsoft^© Windows^? XP Professional and Microsoft Windows Server 2003^© provide an integrated, public key infrastructure (PKI) that enables you to securely exchange information across the Internet, extranets, intranets, and applications. This white paper provides a technical reference and planning guide for PKI administrators who wish to perform PKI cross-certification, deploy bridge Certification Authorities (CAs), and understand how to implement qualified subordination in Windows Server 2003. Source: Microsoft TechNet (January 2003)

Role-Based Access Control for Multi-tier Applications Using Authorization Manager
This document provides a conceptual overview of the role-based access control model that is supported by Authorization Manager, which is included with the Microsoft^© Windows^? Server 2003 family of operating systems. It compares access control models which are based on roles and models which are based on access control lists (ACLs). It explains basic concepts: roles, tasks, operations, scopes, basic application groups, and LDAP query groups. With these concepts, you can create and install authorization rules and implement the Authorization Manager API. This paper also provides an example of an expense application with its own authorization store and authorization policy using Microsoft Visual Basic Scripting Edition (VBScript), Jscript, and ASP.NET. It also shows how to use Internet Information Services (IIS) 6.0 for URL authorization  Source: Microsoft TechNet (January 2003)