Both Active Directory and Windows in general offer a huge degree of flexibility. Although it’s really nice to have a security model that can be custom tailored to meet your exact security needs, there is a definite downside to the way that Windows security works: it can be really complicated. Fortunately, there is a way to tell exactly what the outcome of all of those policy elements is. You can run a Resultant Set of Policy (RSOP) query. In this article, I will show you how.
Windows domains rely on policy-based security mechanisms, but Windows security policy deployment can be confusing to the uninitiated. What's the difference between the local security policy, domain security policy and domain controller security policies? When and how do you use each? How do you use site GPOs and OU GPOs for best security, and how do they all interact together? What security policy tools are included with the operating system and how is each used? This article will provide an overview of the roles of Server 2003 security policies and how to use them to secure your systems and network.
Microsoft’s Encrypting File System (EFS), used to encrypt data on Windows 2000, XP and Server 2003 computers, relies on a public key certificate. If you don’t have a public key infrastructure, EFS can use a self-signed certificate. This is the default for using EFS on a standalone or workgroup computer. Implementing EFS within a domain with a PKI presents more complexity. In this article, we'll look at how to manage and use EFS in a Windows 2000 or Server 2003 domain.
This article reviews the recommendations of several recently released security planning guides from Microsoft that deal with securing administrator accounts and implementing smart card authentication in enterprise environments.
In this two-part article, we show you how to install and configure DPM and evaluate how this can be integrated into your overall security strategy. In Part 1, we covered the process of installing the DPM prerequisite software, DPM itself, the file agent software and the end-user recovery client software. In Part 2, we’ll show you how to configure your DPM server to protect data, and how end users can recover their protected files without administrative assistance.
Every company has member servers in some capacity or another. Some companies have just a few, where others might have thousands. These member servers are the workhorses of your network, providing the core production services for the company: running the intranet, print services, SQL databases, e-mail services, file storage, and application support. With member servers providing all of these essential functions, you need to protect them. This article will discuss some of the key security configurations that can be made to help protect your member servers.
The beta of Microsoft's new Data Protection Manager (formerly called Data Protection Server) is now available to the public. DPM brings disk-based backup and recovery to enterprise networks as part of Microsoft’s new System Center product umbrella that also includes Microsoft Operations Manager (MOM) and Systems Management Server (SMS). In this two-part article, we show you how to install and configure DPM and evaluate how this newest member of Microsoft's System Center product umbrella can be integrated into your overall security strategy.
Most organizations are either already running Windows Active Directory or are contemplating that move now. If you fall into the latter category, you have some decisions to make. You need to decide how you will get from where you are now, possibly one or more Windows NT domains, to Windows 2000 or Server 2003 Active Directory domains.
Microsoft Operations Manager (MOM) 2005 is a great solution for managing your Exchange, SQL and other servers -- but what about security? In this article, we'll discuss some of the security issues related to MOM 2005, how Microsoft has made this version of MOM more secure, and best practices for deploying MOM in the most secure way possible.
Do you ever wonder why Microsoft has not built in more reporting tools to their operating systems? Have you ever wanted to email Microsoft and suggest that they at least allow some form of reporting on the security related details of user, group, and computer accounts? With the significant advancements that Microsoft has made with Active Directory over the past 5 years, you would think that they would have developed some form of reporting mechanism within Windows 2000 and Windows Server 2003 for user, group, and computer security related information. Well, they finally did!
Microsoft has developed an almost ideal tool to help you configure security on computers in your organization. The tool is the Security Configuration Wizard, which is available in Windows Server 2003 Service Pack 1. The tool can help you configure services, network security, auditing, registry settings, and more. The wizard accomplishes these goals by producing security policies, which can be used in conjunction with security templates and specific server roles.
In this article, we will cover the most common issues that you will need to look over to make certain that your Windows Server 2003 is completely locked down from attack. In Part 1, we look at the most common items you will need to address; in subsequent parts, we will look at other items such as advanced techniques, how to use GPOs, and how to deal with services running on Windows Server 2003 such as File, Print and IIS.
When planning a secure MS SQL-based computer system, you have to focus on several key elements: an appropriate installation with proper access rights, well-defined rules for MS SQL users, and a mechanism that records all the operations performed in a database so that, in case of problems, the administrator can more easily pinpoint their real source. Moreover, do not forget that you have to design emergency procedures, such as recovering data and transferring it to another server, and test them, too.
Because the domain controller, as its name implies, in many ways has control over your Windows domain and all of the computers that belong to it, it is essential that you take extra precautions to ensure that your DCs are and remain secure. In this article, we will look at a few of the important security measures you should take in regard to your domain controllers.
Windows Server 2003 includes a number of interesting and useful new features, and one that will be especially helpful to administrators who are struggling with a way to keep a large number of systems updated with the appropriate patches and fixes is the Software Update Service (SUS). SUS can also run on Windows 2000. In this article, we’ll describe how SUS works and give you some pointers on deploying SUS within your organization.
When you think of version 6, the “next generation” of the Internet Protocol, your first thought is probably more available addresses. Indeed, the primary reason for developing a new version of IP was the anticipated critical shortage of addresses under the 32-bit addressing scheme of version 4. However, IPv6 provides for more than just an increase in the number of available addresses. It is also designed to provide for better performance and, even more important in today’s business world, better security of IP communications.
Microsoft has made a number of changes to the default settings in Windows 2003 to make it more secure “out of the box.” In Part 2, we’ll examine the changes that have been made to the default settings for common services and changes in the authentication process, and we’ll discuss some areas in which some believe that Server 2003’s defaults are still too open.
In this article, we will discuss what every Microsoft Windows Administrator and Engineer should think about when trying to manage their environments in the scope of planning for Disaster Recovery and Business Continuity. This is Part II in a 4 part article series where we will cover many of the details administrators and engineers need to know about planning Disaster Recovery for Windows Systems, as well as for their networks in general.
Not only is Microsoft boasting that Windows Server 2003 is very secure; prior to selling the actual operating system, they have also released the ‘free’ (yes, you heard this right) security guide for the base operating system as well as many of the services that come with it, like IIS, File and Print services, and more.
One big change, very noticeable in Windows Server 2003, is the difference in default settings. In this two-part article, we’ll look at how the out-of-the-box server differs in its defaults from previous versions and how the new defaults make the OS more secure (while at the same time causing frustration for some admins and users who find themselves unable to gain access that was available without any reconfiguration in earlier operating systems). In Part 1, we’ll focus on how the default permissions have changed, changes to the membership of the Everyone group, and ownership of objects.
In this article, we will discuss what every Microsoft Windows Administrator and Engineer should think about when trying to manage their environments in the scope of planning for Disaster Recovery and Business Continuity. This is Part I in a 4 part article series where we will cover many of the details administrators and engineers need to know about planning Disaster Recovery for Windows Systems, as well as for their networks in general. In part I, we will look at Windows 2000 & Windows Server 2003 Clustering & Load Balancing for high availability, as well as general planning information.
Delegation is the act of giving power, responsibility or authority to someone (or something). When we talk about delegation in the context of administering our Windows Server 2003 computers and networks, we can be talking about either the delegation of administrative authority (also called delegation of control) or the delegation of authentication (allowing a service to use a user or computer account for access to resources). It is this second type of delegation that we will discuss in this article. Windows Server 2003 has provided some enhancements to this feature that will make your administrative life a little easier.
Security has many facets when it comes to computers. We often focus on securing the network and our systems from outside intruders and from malicious code such as viruses, worms and Trojans. Because the damage from these can be so immediate and so drastic, we sometimes overlook the need to secure the data contained in our documents from others within the organization, and even to control the extent of access for those with whom we do need to share our information.
Now, with the release of Windows Server 2003, Microsoft has provided a number of enhancements and improvements to this popular feature. In this article, we will look at the new certificate services features included in the Standard, Enterprise and Datacenter editions of Server 2003.
In Part 1 of this two-part article, we took a look at one of the most important new additions to Windows Server 2003’s implementation of IPSec: the new and improved IP Security Monitor. You learned about its new look (MMC console) and increased functionality. In Part 2, we’ll discuss the other improvements that Microsoft has made to IPSec in Windows Server 2003. Many of these are small things, but taken together, they make IPSec more secure and easier for administrators to manage than ever before.
With the release of Windows Server 2003, Microsoft has made improvements to a number of their operating system security features, including several new features for IPSec. In this two-part article, we’ll focus on what’s new for IPSec in Windows Server 2003, and show you how to use its new features to make it even easier for you to ensure secure communications across your network. Part One covers the IP Security Monitor, which has a brand new look and added functionality.
In this article, we will demystify the simple analysis of a Windows Server 2003 system's security posture. Too many times, administrators seem confused about how to do an initial security analysis test on a newly minted Windows Server 2003 (or 2000, for that matter). We will look at how to perform this very quickly and easily with Windows Server 2003. This article will cover the steps needed to create the Security Database and perform the analysis on your Windows Server 2003 system.
Microsoft’s Internet Information Services (IIS), while one of the most popularly deployed web servers, has long been considered to be a weak point on any server on which it is installed, when it comes to security. Web servers, by their very nature, are generally open to the Internet (unless they are used only for intranet access) and this makes them a natural target for hackers and attackers. In this article, we’ll cover some of the changes to the new version of IIS that are intended to make it less vulnerable to attackers.
Allowing any unauthorized software to run on company computers, especially those connected to the network, poses many dangers. Even if the program isn’t infested with malicious code, incompatibility problems can result in operating system crashes, or interfere with the operation of other programs, and complicate tech support and troubleshooting – not to mention licensing issues. For this reason, Microsoft includes a new feature with Windows Server 2003 and Windows XP: software restriction policies.