This Security Guide was published by Microsoft.
Who Should Read This Guide
This guide is primarily intended for consultants, security specialists, systems architects,
and IT professionals who are responsible for the planning stages of application or
infrastructure development, and the deployment of Windows Server 2003. These roles
include the following common job descriptions:
● Architects and planners responsible for driving the architecture efforts for the
clients in their organizations.
● IT security specialists focused purely on providing security across the platforms
within their organizations.
● Business analysts and business decision makers (BDMs) with critical business
objectives and requirements that depend on client support.
● Consultants from both Microsoft Services and partners who need detailed
resources of relevant and useful information for enterprise customers and partners.
Scope of this Guide
This guide is focused on how to create and maintain a secure environment for computers
running Windows Server 2003 in your organization. The material explains the different
stages of how to secure the three environments defined in the guide, and what each
prescribed server setting addresses in terms of client dependencies. The three
environments considered are labeled Legacy Client, Enterprise Client, and High Security.
● The Legacy Client settings are designed to work in a Microsoft Active Directory®
domain with member servers and domain controllers running Windows Server
2003, and clients running Microsoft Windows® 98, Windows NT 4.0 and later.
● The Enterprise Client settings are designed to work in an Active Directory domain
with member servers and domain controllers running Windows Server 2003, and
clients running Windows 2000, Windows XP, and later.
● The High Security settings are also designed to work in an Active Directory domain
with member servers and domain controllers running Windows Server 2003, and
clients running Windows 2000, Windows XP, and later. However, the High Security
settings are so restrictive that many applications may not function. For this reason,
the servers may encounter some impact on performance, and managing the
servers will be more challenging.
Hardening guidance is provided for a group of distinct server roles. The countermeasures
described and the tools provided assume that each server will have a single role. If you
need to combine roles for some of the servers in your environment, you can
customize the security templates included with this guide so that the appropriate
combination of services and security options is configured for the servers with multiple
roles. The roles covered by this guide include:
● Domain controllers
● Infrastructure servers
● File servers
● Print servers
● Internet Information Services (IIS) servers
● Internet Authentication Services (IAS) servers
● Certificate Services servers
● Bastion hosts
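The paragraph above says that a multi-role server needs a customized template in which the service settings of each role are combined. The following Python script is an added example, not a template or tool from the Security Guide: it merges the [Service General Setting] sections of two single-role templates so that a service is left Disabled only when every role disables it, and it flags services whose security descriptors differ between roles for manual review. The template text and file contents are constructed for the example; the line layout (ServiceName,StartupMode,SecurityDescriptor with 2 = Automatic, 3 = Manual, 4 = Disabled) is the one used by Windows security template .inf files.

```python
"""Merge the [Service General Setting] sections of role-based security templates.

Added example, not part of the Windows Server 2003 Security Guide. The template
text below is constructed; the .inf section and line layout
(ServiceName,StartupMode,SecurityDescriptor) is the one used by Windows security
templates, with 2 = Automatic, 3 = Manual, 4 = Disabled.
"""

# Constructed fragments standing in for two single-role templates.
FILE_SERVER_INF = """[Unicode]
Unicode=yes
[Service General Setting]
LanmanServer,2,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
Spooler,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
W3SVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
"""

PRINT_SERVER_INF = """[Unicode]
Unicode=yes
[Service General Setting]
LanmanServer,2,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
Spooler,2,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
W3SVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
"""

SECTION = "[Service General Setting]"


def parse_services(inf_text):
    """Return {service: (startup_mode, sddl)} from the service section of a template."""
    services = {}
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_section = line == SECTION  # only read the service section
            continue
        if not in_section:
            continue
        name, mode, sddl = line.split(",", 2)
        services[name] = (int(mode), sddl)
    return services


def merge_services(*templates):
    """Combine role templates: a service stays Disabled only if every role disables it.

    Lower startup codes are more permissive (2 Automatic < 3 Manual < 4 Disabled),
    so the least restrictive mode across the roles wins. The security descriptor of
    the first template that mentions the service is kept; services whose descriptors
    differ between roles are returned separately so an administrator can review them.
    """
    merged = {}
    conflicts = []
    for tpl in templates:
        for name, (mode, sddl) in parse_services(tpl).items():
            if name not in merged:
                merged[name] = (mode, sddl)
                continue
            cur_mode, cur_sddl = merged[name]
            if sddl != cur_sddl:
                conflicts.append(name)
            merged[name] = (min(cur_mode, mode), cur_sddl)
    return merged, conflicts


def render_template(services):
    """Emit a template text containing only the merged service section."""
    lines = ["[Unicode]", "Unicode=yes", SECTION]
    for name in sorted(services):
        mode, sddl = services[name]
        lines.append(f"{name},{mode},{sddl}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    combined, review = merge_services(FILE_SERVER_INF, PRINT_SERVER_INF)
    print(render_template(combined))
    if review:
        print("; descriptors differ between roles, review:", ", ".join(review))
```

In the constructed input the file-server role disables the Spooler service while the print-server role starts it automatically, so the merged template sets Spooler to Automatic and leaves W3SVC disabled because neither role needs it. The merged text can then be reviewed and applied with the same tooling the guide uses for its single-role templates; the other template sections (privilege rights, registry and file ACLs) would need the same kind of review before a combined template is used.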
The settings recommended in this guide were tested thoroughly in lab environments
depicting those described above: Legacy Client, Enterprise Client, and High Security.
These settings were proven to work in the lab, but it is important that your organization
test these settings in your own lab that accurately represents your production
environment. It is likely that you will need to make some changes to the security
templates and the manual procedures documented within this guide so that all of your
business applications continue to function as expected. The detailed information provided
in the companion guide, Threats and Countermeasures: Security Settings in Windows
Server 2003 and Windows XP, which is available for download at
http://go.microsoft.com/fwlink/?LinkId=15159, gives you the information you need to
assess each specific countermeasure and to decide which of them are appropriate for
your organization’s unique environment and business requirements.
Download this Guide
Monday, 28 January 2008