Microsoft Solutions for Security Windows Server 2003 Security Guide Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e – mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e – mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2003 Microsoft Corporation. All rights reserved. Microsoft and Visual Basic are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Acknowledgements The Microsoft Solutions for Security group (MSS) would like to acknowledge and thank the team that produced the Windows Server 2003 Security Guide. The following people were either directly responsible, or made a substantial contribution to the writing, development, and testing of this solution. Authors Reviewers Kurt Dillard Rich Benack José Maldonado Rob Cooper Brad Warrender Duane Crider Mike Greer Content Contributors Robert Hensing William Dixon Chad Hilton Eric Fitzgerald Andrew Mason Stirling Goetz Joe Porter Ian Hellen Joel Scambray Jesper Johansson Ben Smith Kirk Soluk Jeff Williams Testers Gaurav Singh Bora Contributors Ignacio Avellaneda Kenon Bliss Ganesh Balakrishnan Paresh Gujar Shelly Bird Vince Humphreys Derick Campbell Ashish Java Sean Finnegan Editors Joanne Kennedy Reid Bannecker Jeff Newfeld Wendy Cleary Rob Oikawa John Cobb Vishnu Patankar Kelly McMahon Keith Proctor Jon Tobey Bill Reid Program Manager Sandeep Sinha Chase Carpenter Bomani Siwatu Graham Whiteley At the request of Microsoft, The Center for Internet Security (CIS) and the United States Department of Commerce National Institute of Standards and Technology (NIST) participated in the final review of these Microsoft documents and provided comments, which were incorporated into the published versions. Microsoft would also like to thank the Siemens Workplace Architecture Team as well as National Broadband LLC for their invaluable input and participation in the Early Adopter Program for this guide. Table of Contents Introduction to the Windows Server 2003 Security Guide ............................................................... 1 Overview....................................................................................................................................... 1 Executive Summary ..................................................................................................................... 2 Who Should Read This Guide......................................................................................................3 Get Secure Stay Secure............................................................................................................... 4 Scope of this Guide ...................................................................................................................... 5 Content Overview......................................................................................................................... 6 Skills and Readiness .................................................................................................................. 10 Requirements ............................................................................................................................. 11 Style Conventions ...................................................................................................................... 12 Summary .................................................................................................................................... 13 Configuring the Domain Infrastructure...........................................................................................15 Overview..................................................................................................................................... 15 Domain Policy ............................................................................................................................ 31 Account Policies ......................................................................................................................... 32 Password Policy ......................................................................................................................... 33 Account Lockout Policy .............................................................................................................. 38 Kerberos Policy .......................................................................................................................... 41 Security Options ......................................................................................................................... 42 Summary .................................................................................................................................... 44 Creating a Member Server Baseline.............................................................................................. 47 Overview..................................................................................................................................... 47 Windows Server 2003 Baseline Policy....................................................................................... 51 Audit Policy................................................................................................................................. 52 User Rights Assignments........................................................................................................... 64 Security Options ......................................................................................................................... 76 Event Log ................................................................................................................................. 100 System Services....................................................................................................................... 103 Additional Registry Settings ..................................................................................................... 139 Additional Security Settings...................................................................................................... 144 Summary .................................................................................................................................. 149 Hardening Domain Controllers..................................................................................................... 151 Overview................................................................................................................................... 151 Audit Policy Settings................................................................................................................. 153 User Rights Assignments......................................................................................................... 154 Security Options ....................................................................................................................... 159 Event Log Settings ................................................................................................................... 160 System Services....................................................................................................................... 161 Additional Security Settings...................................................................................................... 164 Summary .................................................................................................................................. 175 Hardening Infrastructure Servers................................................................................................. 177 Overview................................................................................................................................... 177 Audit Policy Settings................................................................................................................. 178 User Rights Assignments......................................................................................................... 179 Security Options ....................................................................................................................... 180 Event Log Settings ................................................................................................................... 181 System Services......................................................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages292 Page
-
File Size-