Windows 2003 SP1 Member Server in ASU Active Directory WNUG/CCC February 2, 2006 Sharon Bushart CLAS Information Technology.

Slides:



Advertisements
Similar presentations
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Advertisements

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Installing and Configuring a Secure Web Server COEN 351 David Papay.
Windows Anti-virus and Security WNUG Meeting
Module 8: Implementing Administrative Templates and Audit Policy.
11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.
1 Chapter Overview Monitoring Server Performance Monitoring Shared Resources Microsoft Windows 2000 Auditing.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
Securing Windows Servers Using Group Policy Objects
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
CH 12 Securing Windows Server Objectives Understand the security enhancements included in Windows Server 2008 Understand how Windows Server 2008.
Windows Server 2008 Chapter 10 Last Update
Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Thrive Installation.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.
September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.
Overview: Identify the Internet protocols and standards Identify common vulnerabilities and countermeasures Identify specific IIS/WWW/FTP concerns Identify.
Module 4: Add Client Computers and Devices to the Network.
Hands-On Microsoft Windows Server 2008
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 22 Local Security Polcies 1.
Module 14: Configuring Server Security Compliance
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
Module 3: Configuring Hardware on a Computer Running Windows XP Professional.
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
Designing Authentication for a Microsoft Windows 2000 Network Designing Authentication in a Microsoft Windows 2000 Network Designing Kerberos Authentication.
Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.
Lesson 17-Windows 2000/Windows 2003 Server Security Issues.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Overview Managing a DHCP Database Monitoring DHCP
NT4 SP4 Security Jack Schmidt - Fermilab
Guide to MCSE , Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Lesson 11: Configuring and Maintaining Network Security
TCOM Information Assurance Management System Hacking.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Module 7: Implementing Security Using Group Policy.
NetTech Solutions Security and Security Permissions Lesson Nine.
11 IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES Chapter 7.
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.
Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring Windows Server 2008 Printing.
Module 8 Implementing Security Using Group Policy.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
LM/NTLMv1 Retirement Hosted by LSP Services.
Windows Vista Configuration MCTS : User Account Security.
Nassau Community College
Enumeration.
Chapter 6 Application Hardening
Configuring Windows Firewall with Advanced Security
Lesson 16-Windows NT Security Issues
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Windows 2003 SP1 Member Server in ASU Active Directory WNUG/CCC February 2, 2006 Sharon Bushart CLAS Information Technology

Agenda  Discussion  Share knowledge / experience  Tools / Utilities  Resources  Presentation will be posted on WNUG web page

Goals  Best Practices documents W2K3 SP1 Best Practices v2.doc W2K3 SP1 Best Practices v2.doc  FAQs  Tip sheets  Checklists

CLAS IT Behavioral Sciences Computing 2 Schools with another in Fall Schools with another in Fall Departments, 5 Units/Centers 3 Departments, 5 Units/Centers 14 Buildings 14 Buildings 1200 client systems 1200 client systems 20 servers 20 servers

Preparation  System is NOT on network  Register IP Address & DNS name  License product key  Download service pack, hot fixes, etc  Hardware drivers  Antivirus software plus latest sdat  Documentation

Local Admin Accounts  Create new account(s)  Add new account(s) to local admin group  Logon with new admin account  Rename default admin and guest accounts  Disable default admin account  Do not include AD groups in local admin group – use Run As instead

Install …  Hardware drivers  Anti-Virus software with latest sdat  Tools, Utilities  Windows Automatic update Notify but do not automatically download or install Notify but do not automatically download or install  Drive Management

Firewall  System is still NOT on network  Firewall should be ON  Open only the ports that are necessary  Port information Service Overview & Network Port Requirements for the Windows Server System (10/31/05)Service Overview & Network Port Requirements for the Windows Server System (10/31/05) Macs Macs

Firewall

Firewall (continued)

Add Port Information Logging Options

Firewall – Default Services

Firewall – Add Service

Firewall – Service & Ports DescriptionPort AD Authentication (TCP) 1025 DNS (TCP & UDP) 53 Kerberos (TCP & UDP) 88 LDAP (TCP & UDP) 389 File Sharing (TCP & UDP) 445 Network Time Protocol (TCP & UDP) 123 NetBIOS (TCP) 139

Firewall – Service & Ports Example

TCP/IP

TCP/IP - DNS Add DNS Servers Append DNS suffixes Uncheck Register …

TCP/IP - WINS Add WINS Servers Depends on clients

Default Share Permission

Revised Share Permission

NTFS Permissions

Security Policy  Include access rights, security options, account lockout, etc…  Two methods for changing Local Security Policy Local Security Policy Administrative Tools | Local Security PolicyAdministrative Tools | Local Security Policy Group Policy Object Editor Group Policy Object Editor

Security Policy – Audit Audit Policy DescriptionDefaultMemSvr Account logon eventsSS/F Account managementNAS/F Directory service accessNA Logon eventsSS/F Object accessNA Policy changeNAS/F Privilege useNA Process trackingNA System eventsNAS/F

Security Policy – Audit  Microsoft Articles on Audit Policy: = Security Event Descriptions = Security Event Descriptions = Service Account Logon Events = Service Account Logon Events  Events & Error Message Center GPO Editor: Computer Configurations\Windows Settings\Security Settings\Local Policies\Audit Policy

Security Policy – User Rights  Access this computer from Network Remove Everyone Remove Everyone Add appropriate OU groups Add appropriate OU groups Remove Authenticated Users Remove Authenticated Users  Allow log on locally Administrators only Administrators only GPO Editor: Computer Configurations\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Security Policy – Security Options  Do Not Display Last User Name Disabled  Enabled Disabled  Enabled  Message Text for Users attempting to log on WARNING! You are accessing a computer protected by federal and state law and ASU policies. By using this system you agree to comply with these laws and policies, including ACD 125 (Computer, Internet and Electronic Communications Policy) and you consent to system monitoring for law enforcement, administrative and other purposes. Unauthorized use of this computer system may subject you to criminal prosecution, civil liability and University sanctions. WARNING! You are accessing a computer protected by federal and state law and ASU policies. By using this system you agree to comply with these laws and policies, including ACD 125 (Computer, Internet and Electronic Communications Policy) and you consent to system monitoring for law enforcement, administrative and other purposes. Unauthorized use of this computer system may subject you to criminal prosecution, civil liability and University sanctions.

Security Policy – Security Options (continued)  Do not allow anonymous enumeration of SAM accounts/shares Disabled  Enabled Disabled  Enabled  LAN Manager authentication level Send LM & LTLM – use NTLMv2 session if negotiated Send LM & LTLM – use NTLMv2 session if negotiated GPO Editor: Computer Configurations\Windows Settings\Security Settings\Local Policies\Security Rights

Security Test  Microsoft Baseline Analyzer  Security Configuration Wizard Included with SP1 Included with SP1 Configures server based on role Configures server based on role  Review output & adjust if necessary  Connect server to network  Windows Update  Anti-Virus Update

Microsoft Tools  Administration Tool Pack 2-3e00-4d5e-9b01-cf2bf256912d1033.mspx 2-3e00-4d5e-9b01-cf2bf256912d1033.mspx 2-3e00-4d5e-9b01-cf2bf256912d1033.mspx 2-3e00-4d5e-9b01-cf2bf256912d1033.mspx  Group Policy Management Console  Port Reporter  PortQry

Microsoft Documents  Windows Server 2003 Security Guide /w2003hg/sgch00.mspx /w2003hg/sgch00.mspx /w2003hg/sgch00.mspx /w2003hg/sgch00.mspx  Threats & Countermeasures: Security Settings in Windows Server 2003 & Windows XP h00.mspx h00.mspx h00.mspx h00.mspx  Security Risk Management Guide secrisk/default.mspx secrisk/default.mspx secrisk/default.mspx secrisk/default.mspx  Other documents Administrator Accounts Security Planning Guide Administrator Accounts Security Planning Guide Services & Service Accounts Security Services & Service Accounts Security

Reference Material  Microsoft TechNet  Center for Internet Security  SANS  Trial and Error Documentation Documentation

Contact Information Sharon Bushart

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.