Windows 2003 SP1 Member Server in ASU Active Directory WNUG/CCC February 2, 2006 Sharon Bushart CLAS Information Technology.


1

2 Windows 2003 SP1 Member Server in ASU Active Directory WNUG/CCC February 2, 2006 Sharon Bushart CLAS Information Technology

3 Agenda
- Discussion
- Share knowledge / experience
- Tools / Utilities
- Resources
- Presentation will be posted on WNUG web page: http://www.asu.edu/it/ag/wnug/

4 Goals
- Best Practices documents
  - W2K3 SP1 Best Practices v2.doc
- FAQs
- Tip sheets
- Checklists

5 CLAS IT Behavioral Sciences Computing
- 2 Schools with another in Fall 2006
- 3 Departments, 5 Units/Centers
- 14 Buildings
- 1200 client systems
- 20 servers

6

7

8

9 Preparation
- System is NOT on network
- Register IP Address & DNS name
- License product key
- Download service pack, hot fixes, etc.
- Hardware drivers
- Antivirus software plus latest sdat
- Documentation

10 Local Admin Accounts
- Create new account(s)
- Add new account(s) to local admin group
- Log on with new admin account
- Rename default admin and guest accounts
- Disable default admin account
- Do not include AD groups in local admin group; use Run As instead

11 Install …
- Hardware drivers
- Anti-Virus software with latest sdat
- Tools, Utilities
- Windows Automatic update
  - Notify but do not automatically download or install
- Drive Management

12 Firewall
- System is still NOT on network
- Firewall should be ON
- Open only the ports that are necessary
- Port information
  - http://www.iana.org/
  - http://www.securitystats.com/tools/portsearch.php
  - http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
    - Service Overview & Network Port Requirements for the Windows Server System (10/31/05)
  - Macs
    - http://www.opendoor.com/doorstop/ports.html

13 Firewall

14 Firewall (continued)

15 Add Port Information Logging Options

16 Firewall – Default Services

17 Firewall – Add Service

18 Firewall – Service & Ports

Description                             Port
AD Authentication (TCP)                 1025
DNS (TCP & UDP)                         53
Kerberos (TCP & UDP)                    88
LDAP (TCP & UDP)                        389
File Sharing (TCP & UDP)                445
Network Time Protocol (TCP & UDP)       123
NetBIOS (TCP)                           139

19 Firewall – Service & Ports Example

20 TCP/IP

21 TCP/IP - DNS
- Add DNS Servers
- Append DNS suffixes
- Uncheck Register …

22 TCP/IP - WINS
- Add WINS Servers
- Depends on clients

23 Default Share Permission

24 Revised Share Permission

25 NTFS Permissions

26 Security Policy
- Include access rights, security options, account lockout, etc…
- Two methods for changing
  - Local Security Policy
    - Administrative Tools | Local Security Policy
  - Group Policy Object Editor

27 Security Policy – Audit

Audit Policy

Description                 Default   MemSvr
Account logon events        S         S/F
Account management          NA        S/F
Directory service access    NA
Logon events                S         S/F
Object access               NA
Policy change               NA        S/F
Privilege use               NA
Process tracking            NA
System events               NA        S/F

28 Security Policy – Audit
- Microsoft Articles on Audit Policy:
  - 174074 = Security Event Descriptions
  - 274176 = Service Account Logon Events
- Events & Error Message Center
  - http://www.microsoft.com/technet/support/ee/ee_advanced.aspx

GPO Editor: Computer Configurations\Windows Settings\Security Settings\Local Policies\Audit Policy

29 Security Policy – User Rights
- Access this computer from Network
  - Remove Everyone
  - Add appropriate OU groups
  - Remove Authenticated Users
- Allow log on locally
  - Administrators only

GPO Editor: Computer Configurations\Windows Settings\Security Settings\Local Policies\User Rights Assignment
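An added example, not part of the original presentation: a Python check that compares a `secedit /export /cfg` file against the MemSvr audit column on slide 27 and the user rights on slide 29. It assumes S/F on the audit slide means Success and Failure (value 3 in the export format); the sample export and the name `check_export` are constructed for illustration.

```python
import configparser

# Constructed sample of a `secedit /export /cfg` file (not taken from a real server).
# A real export is UTF-16: read it with open(path, encoding="utf-16").read().
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditPolicyChange = 3
AuditAccountManage = 0
AuditAccountLogon = 3
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544
"""

# MemSvr column of the audit slide; assumption: S/F = Success and Failure = 3.
AUDIT_BASELINE = {"AuditAccountLogon": 3, "AuditAccountManage": 3,
                  "AuditLogonEvents": 3, "AuditPolicyChange": 3,
                  "AuditSystemEvents": 3}
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Administrators.
EVERYONE, AUTH_USERS, ADMINS = "*S-1-1-0", "*S-1-5-11", "*S-1-5-32-544"

def check_export(text):
    """Return sorted findings where the export differs from the slides' settings."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str                  # keep the case of setting names
    cfg.read_string(text)
    findings = []
    audit = cfg["Event Audit"] if cfg.has_section("Event Audit") else {}
    for name, want in AUDIT_BASELINE.items():
        got = int(audit.get(name, "0"))    # a missing entry means no auditing
        if got != want:
            findings.append(f"{name}: is {got}, slide value {want}")
    rights = cfg["Privilege Rights"] if cfg.has_section("Privilege Rights") else {}
    def sids(right):
        return {s.strip() for s in rights.get(right, "").split(",") if s.strip()}
    # Network access: Everyone and Authenticated Users should be gone.
    for sid in sorted(sids("SeNetworkLogonRight") & {EVERYONE, AUTH_USERS}):
        findings.append(f"SeNetworkLogonRight: remove {sid}")
    # Local logon: Administrators only.
    for sid in sorted(sids("SeInteractiveLogonRight") - {ADMINS}):
        findings.append(f"SeInteractiveLogonRight: remove {sid}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in check_export(SAMPLE_INF):
        print(finding)
```

Accounts that the export lists by name rather than by SID are reported under "Allow log on locally" as entries to review.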

30 Security Policy – Security Options
- Do Not Display Last User Name
  - Disabled -> Enabled
- Message Text for Users attempting to log on
  - WARNING! You are accessing a computer protected by federal and state law and ASU policies. By using this system you agree to comply with these laws and policies, including ACD 125 (Computer, Internet and Electronic Communications Policy) and you consent to system monitoring for law enforcement, administrative and other purposes. Unauthorized use of this computer system may subject you to criminal prosecution, civil liability and University sanctions.

31 Security Policy – Security Options (continued)
- Do not allow anonymous enumeration of SAM accounts/shares
  - Disabled -> Enabled
- LAN Manager authentication level
  - Send LM & NTLM – use NTLMv2 session if negotiated

GPO Editor: Computer Configurations\Windows Settings\Security Settings\Local Policies\Security Rights

32 Security Test
- Microsoft Baseline Analyzer
  - http://www.microsoft.com/technet/security/tools/mbsahome.mspx
- Security Configuration Wizard
  - Included with SP1
  - Configures server based on role
- Review output & adjust if necessary
- Connect server to network
- Windows Update
- Anti-Virus Update

33 Microsoft Tools
- Administration Tool Pack
  - http://technet2.microsoft.com/WindowsServer/en/Library/57adeda2-3e00-4d5e-9b01-cf2bf256912d1033.mspx
- Group Policy Management Console
  - http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
- Port Reporter
  - http://support.microsoft.com/?id=837243
- PortQry
  - http://support.microsoft.com/default.aspx?kbid=832919

34 Microsoft Documents
- Windows Server 2003 Security Guide
  - http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
- Threats & Countermeasures: Security Settings in Windows Server 2003 & Windows XP
  - http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch00.mspx
- Security Risk Management Guide
  - http://www.microsoft.com/technet/security/topics/policiesandprocedures/secrisk/default.mspx
- Other documents
  - Administrator Accounts Security Planning Guide
  - Services & Service Accounts Security

35 Reference Material
- Microsoft TechNet
  - http://technet.microsoft.com/default.aspx
  - http://www.microsoft.com/technet/security/default.mspx
  - http://www.microsoft.com/technet/security/current.aspx
- Center for Internet Security
  - http://www.cisecurity.org/
- SANS
  - http://sans.org/
- Trial and Error
  - Documentation

36 Contact Information Sharon Bushart sbushart@asu.edu 5-8249

